Lead Vulnerability Management Researcher (San Francisco) Job at UKG, San Francisco, CA

  • UKG
  • San Francisco, CA

Job Description

Lead Vulnerability Management Researcher


Company Overview

With 80,000 customers across 150 countries, UKG is the largest U.S.-based private software company in the world. And we’re only getting started. Ready to bring your bold ideas and collaborative mindset to an organization that still has so much more to build and achieve? Read on.

At UKG, you get more than just a job. You get to work with purpose. Our team of U Krewers is on a mission to inspire every organization to become a great place to work through our award-winning HR technology built for all.

Here, we know that you’re more than your work. That’s why our benefits help you thrive personally and professionally, from wellness programs and tuition reimbursement to U Choose — a customizable expense reimbursement program that can be used for 200+ needs that best suit you and your family, from student loan repayment, to childcare, to pet insurance. Our inclusive culture, active and engaged employee resource groups, and caring leaders value every voice and support you in doing the best work of your career. If you’re passionate about our purpose — people — then we can’t wait to support whatever gives you purpose. We’re united by purpose, inspired by you.

We are a rapidly scaling SaaS company serving a global customer base across diverse industries. Security is a top priority, and we are building a mature and proactive program to protect our platform, data, and customers. With a large and distributed engineering organization, we are looking for a Lead, Vulnerability Management Analyst, who can bridge the gap between security and development at scale.

Role Summary

As the Lead for vulnerability management, you will be responsible for shaping and advancing our comprehensive strategy for identifying and mitigating vulnerabilities across both application/product layers and infrastructure—whether in the cloud or on-premises. You’ll collaborate closely with engineering, DevOps, SRE, and product teams to ensure vulnerabilities are swiftly identified, evaluated, and resolved, all while maintaining the pace of innovation. Your role will also involve leveraging data to drive prioritization and integrating scalable security practices directly into our engineering processes.

Key Responsibilities

  • Lead the vulnerability management program across SaaS application layers (code, APIs, containers, dependencies) and supporting infrastructure (cloud services, VMs, networks).
  • Conduct security research on cloud and AI to ensure a strong code-level skillset around OWASP Top 10 and similar vulnerabilities, and be comfortable presenting results.
  • Work with the DevSecOps team to integrate vulnerability detection into CI/CD pipelines and development workflows, enabling shift-left security without friction.
  • Collaborate with thousands of engineers across multiple teams to contextualize and prioritize vulnerabilities based on business impact and threat intelligence.
  • Good understanding of the vulnerability management tool stack, including SAST, DAST, container scanning, dependency scanning, and infrastructure scanning tools (e.g., Checkmarx One, Rapid7, Wiz, etc.).
  • Drive remediation SLAs and reporting in coordination with Product and Engineering leadership.
  • Design and deliver clear, actionable dashboards and reports for engineers, executives, and risk/compliance stakeholders.
  • Partner with DevSecOps, Security Architecture, Security Engineering, and GRC teams to align on enterprise risk and compliance goals.
  • Mentor vulnerability analysts or engineers, while scaling the vulnerability management function through automation and self-service where possible.

Required Qualifications

  • 7+ years of cybersecurity experience with deep knowledge of vulnerability management in SaaS or tech-native environments.
  • Expertise in both application and infrastructure vulnerabilities, including hands-on familiarity with OWASP Top 10, CVEs, insecure cloud configurations, container risks, and supply chain vulnerabilities.
  • Solid understanding of modern software development practices, CI/CD pipelines, microservices, and cloud-native infrastructure (GCP, AWS, Kubernetes, Terraform, etc.).
  • Demonstrated experience working closely with large engineering organizations and influencing security culture in a fast-paced dev environment.
  • Experience managing security tools and integrating them into automated engineering workflows.
  • Strong analytical, communication, and project management skills.

Preferred Qualifications

  • Previous experience in a SaaS company with a multi-cloud or cloud-native environment.
  • Security certifications such as CISSP, CSSLP, or cloud-specific certs (e.g., AWS Security Specialty).
  • Experience with vulnerability correlation, risk scoring models, or threat-based prioritization approaches.
  • Familiarity with frameworks like NIST CSF, SOC 2, or ISO 27001.

Where we’re going

UKG is on the cusp of something truly special. Worldwide, we already hold the #1 market share position for workforce management and the #2 position for human capital management. Tens of millions of frontline workers start and end their days with our software, with billions of shifts managed annually through UKG solutions today. Yet it’s our AI-powered product portfolio designed to support customers of all sizes, industries, and geographies that will propel us into an even brighter tomorrow!

Equal Opportunity Employer

UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories.

UKG participates in E-Verify.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Disability Accommodation in the Application and Interview Process

For individuals with disabilities who need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.

The pay range for this position is $112,300 to $161,400, however, base pay offered may vary depending on skills, experience, job-related knowledge and location. This position is also eligible for a short-term incentive and a long-term incentive as part of total compensation. Information about UKG’s comprehensive benefits can be reviewed on our careers site at

  • Seniority level: Not Applicable
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Computer Hardware Manufacturing, Software Development, and IT Services and IT Consulting


Job Tags

Full time, Temporary work, Local area, Worldwide, Shift work
