UKG (Ultimate Software Group)

Manager, Vulnerability Research & Management

General Information

Ref #:

20240037294

Travel Amount Required:

Up to 25%

Job Type:

Regular-Full Time

Location:

Atlanta - Georgia - United States, Lowell - Massachusetts - United States, Weston - Florida - United States

Company Overview

Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at www.ukg.com/careers #WeAreUKG

Description & Qualifications

Description

About the Team:

The UKG Vulnerability Management Team deals with safeguarding the organization's digital assets by identifying, assessing, and mitigating potential security vulnerabilities. Primarily, we process vulnerability data from an array of sources and facilitate, track, and report on the remediation status of identified vulnerabilities. Sources include an array of automated tools, as well as findings from internal and 3rd party tests.

About the Role:

The Manager is responsible for leading all research and management of vulnerabilities across UKG. You will lead, manage, develop, and grow a highly skilled team who is responsible for understanding technical vulnerabilities, their risk and probability of impact to the organization, as well as tracking identified vulnerabilities throughout their lifecycle. Candidates must be able to prepare, analyze and present a variety of security metrics and reports and identify recommendations using a risk-based approach. If you enjoy working in a rapidly changing global organization, this position will provide you with a great opportunity to work with high performing skilled professionals and teams.

Primary/Essential Duties and Key Responsibilities:

• Lead enterprise-wide vulnerability research and management projects and initiatives.

• Continuously drive the coverage and visibility of the vulnerability research and management program.

• Direct and manage a team of vulnerability security researchers and analysts who research, map and provide impact assessments to identify, alert, prioritize and mitigate weaknesses in our technologies and environments.

• Identify areas of improvement, and sponsor projects to drive enhancements on automation, metrics quality and coverage.

• Serve as the functional subject matter expert for discussion of application, cloud and infrastructure vulnerabilities, prioritization, and remediation.

• Directs and oversees work activities of team; empowers staff in the successful performance of their tasks and responsibilities while encouraging innovation.

• Ensure all activities are properly documented and updated.

• Respond to any internal or external audit and security compliance initiatives that relate to vulnerability tracking.

• Clearly communicate vision, deliverables, and project status to management and key technical and business stakeholders.

• Influence change across the organization to continuously enhance our security posture.

Qualifications

About you:

Basic Qualifications:

• Bachelor’s Degree in Information Systems, Computer Science or related discipline or equivalent work experience.

• Minimum of five (5) years of experience in both security management and vulnerability management lifecycle

• Hands on knowledge of application and infrastructure vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys, Checkmarx, Fortify, etc.)

• Working knowledge of OWASP Top 10

• Experience in driving discussion and consensus involving cross functional teams (including remote and offshore) over security recommendations and planned actions.

• Technical background required in systems administration or programming to understand the characteristics and exploitation vectors for vulnerabilities being reported.

• Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.

Preferred Qualifications:

• Previous experience with vulnerability management in Cloud environments.

• Preferred certifications: GMON, GXPN, GPEN, GWAPT, OSCP, GCIH or OSWE.

• Demonstrate knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.

#LI-hybrid

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.

View The EEO Know Your Rights poster (https://www.eeoc.gov/sites/default/files/2022-10/EEOC_KnowYourRights_screen_reader_10_20.pdf) and its supplement .

View the Pay Transparency Nondiscrimination Provision (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)

UKG participates in E-Verify. View the E-Verify posters here (https://www.e-verify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf) .

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.