UKG
Website:
ukg.com
Job details:
Why UKG
At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That’s what we do.
We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you’ll get flexibility that’s real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters—and so do you.
About The Team
The Proactive Security team is responsible for driving comprehensive security validation and maintaining strong cyber hygiene across the organization's products, infrastructure, and applications. This includes continuous technical validation of security controls, assessment of control effectiveness, lifecycle management of critical assets, and proactive oversight of patching processes.
The team owns and manages key cyber hygiene initiatives such as application security (including JFrog and third-party library security), End-of-Life (EOL) tracking programs, third-party patching, attack surface management, and SaaS security governance.
Leveraging advanced Security Scanning and SaaS Security Posture Management (SSPM) tools, the team ensures robust security across SaaS environments. Additionally, Breach and Attack Simulation (BAS) platforms are utilized to continuously validate the effectiveness of security controls across both on-premises and cloud infrastructures.
In collaboration with development teams, the Proactive Security team drives DevSecOps practices, including SAST/DAST monitoring, secure software supply chain management, CI/CD pipeline security validation, and implementation of shift-left security principles.
The core focus of the team is proactive defense—identifying and mitigating infrastructure and application vulnerabilities before exploitation, while ensuring adherence to patching standards, lifecycle management policies, and secure development practices.
Role Summary
We are seeking a Proactive Security L3 to lead comprehensive security posture assurance across UKG's enterprise, spanning infrastructure and application security layers. This is a senior technical role combining infrastructure security expertise, application-level DevSecOps knowledge, and program-level ownership. You will manage EOL and patch compliance programs, oversee application security practices within development teams, coordinate with engineering and platform teams to ensure timely updates, and report on overall security posture to security leadership and stakeholders.
This role is not a vulnerability management position. Instead, you'll own the foundation that prevents vulnerabilities from becoming critical: ensuring infrastructure is current and patched, applications are built securely, and supply chain risks are understood and managed.
Key Responsibilities
Proactive Cyber Hygiene to increase security control effectiveness and coverage (30%)
- Maintain and continuously update the cyber hygiene inventory for all infrastructure components (OS, databases, network equipment, cloud services, third-party appliances), including their End-of-Life (EOL) and End-of-Support (EOS) dates, and the attack surface management program
- Monitor and track the status of these cyber hygiene projects across both on-premises data centers and cloud environments (GCP, AWS, Azure)
- Partner with engineering, platform, and IT teams to develop and execute upgrade plans for components approaching EOL, systems without MFA, systems lacking appropriate detection and alerting, and similar gaps
- Define and enforce the cyber hygiene risk acceptance process for situations where upgrade timelines cannot be met, including stakeholder review and CISO approval
- Report quarterly on Cyber Hygiene posture, highlighting upcoming risks and compliance status
Patch Management Assurance (20%)
- Monitor patch compliance across the infrastructure estate, validating that critical, high-priority, and routine patches are applied according to SLA timelines
- Establish and track patch compliance metrics (deployment rate, SLA adherence, patch lag by severity)
- Coordinate with IT operations, platform teams, and application owners to remediate patching gaps and systemic failures
- Maintain patch status dashboards visible to leadership and engineering teams
- Escalate recurring patching failures to appropriate stakeholders for root cause resolution
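The EOL/EOS tracking and the patch compliance metrics named above (deployment rate, SLA adherence, patch lag by severity) are simple to compute once the inventory data is in one place. The following is an added example, not code from UKG or from any of the tools mentioned in this posting: the SLA thresholds, host names, component names, dates and patch IDs are all constructed for illustration, and a real program would read them from the CMDB and patch management tooling rather than from literals.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Hypothetical SLA (days allowed from patch release to deployment) by severity;
# the real values come from the organization's patching standard.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 60, "low": 90}


@dataclass(frozen=True)
class PatchRecord:
    host: str
    patch_id: str
    severity: str
    released: date
    applied: Optional[date]  # None means the patch is still missing on this host


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    eol: date


def patch_lag_days(rec: PatchRecord, today: date) -> int:
    """Days from release to deployment; for a missing patch the clock is still running."""
    return ((rec.applied or today) - rec.released).days


def sla_breached(rec: PatchRecord, today: date) -> bool:
    """A missing patch that is still inside its SLA window is not yet a breach."""
    return patch_lag_days(rec, today) > SLA_DAYS[rec.severity]


def patch_metrics(records: List[PatchRecord], today: date) -> Dict[str, Dict[str, float]]:
    """Per-severity deployment rate, SLA adherence and worst-case lag for a dashboard."""
    by_sev: Dict[str, List[PatchRecord]] = {}
    for rec in records:
        by_sev.setdefault(rec.severity, []).append(rec)
    out: Dict[str, Dict[str, float]] = {}
    for sev, recs in by_sev.items():
        total = len(recs)
        deployed = sum(1 for r in recs if r.applied is not None)
        breached = sum(1 for r in recs if sla_breached(r, today))
        out[sev] = {
            "total": total,
            "deployed": deployed,
            "deployment_rate": deployed / total,
            "sla_adherence": (total - breached) / total,
            "max_lag_days": max(patch_lag_days(r, today) for r in recs),
        }
    return out


def components_near_eol(components: List[Component], today: date,
                        window_days: int = 180) -> List[Tuple[Component, int]]:
    """Components already past EOL or reaching it within the window, soonest first.
    The second element is days remaining; negative means the component is already EOL."""
    hits = [(c, (c.eol - today).days) for c in components
            if (c.eol - today).days <= window_days]
    return sorted(hits, key=lambda pair: pair[1])


# Constructed sample data (not real hosts, patches or vendor EOL dates).
TODAY = date(2025, 6, 1)
SAMPLE_PATCHES = [
    PatchRecord("web-01", "P-1001", "critical", date(2025, 5, 20), date(2025, 5, 24)),
    PatchRecord("web-02", "P-1001", "critical", date(2025, 5, 20), None),
    PatchRecord("db-01", "P-2002", "high", date(2025, 4, 1), date(2025, 4, 20)),
    PatchRecord("db-02", "P-2002", "high", date(2025, 4, 1), date(2025, 5, 15)),
    PatchRecord("app-01", "P-3003", "medium", date(2025, 3, 1), None),
]
SAMPLE_COMPONENTS = [
    Component("load-balancer-firmware", "3.1", date(2025, 3, 31)),
    Component("db-engine", "12", date(2025, 9, 30)),
    Component("os-image", "2023.x", date(2027, 1, 1)),
]


def hygiene_report(today: date = TODAY) -> Dict[str, object]:
    """The two views a quarterly cyber hygiene report needs: patch metrics and the EOL watch list."""
    return {
        "patching": patch_metrics(SAMPLE_PATCHES, today),
        "eol": [(c.name, c.version, days) for c, days in components_near_eol(SAMPLE_COMPONENTS, today)],
    }


if __name__ == "__main__":
    for sev, m in hygiene_report()["patching"].items():
        print(f"{sev:8s} deployed {m['deployed']}/{m['total']} "
              f"SLA adherence {m['sla_adherence']:.0%} max lag {m['max_lag_days']}d")
    for name, version, days in hygiene_report()["eol"]:
        print(f"EOL watch: {name} {version} ({days} days remaining)")
```

Two design points matter for the metrics to be honest: a missing patch accrues lag against today rather than being excluded, so a host that never reports "applied" still drags the SLA number down; and a missing patch still inside its window is not counted as a breach, so the adherence figure does not overstate failure on freshly released patches.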
Application Security & DevSecOps (25%)
- Oversee secure software supply chain practices, including dependency management, Software Bill of Materials (SBOMs), and open-source risk identification
- Validate CI/CD pipeline security controls and shift-left security practices; partner with platform teams to ensure security gates are effective
- Support container and Kubernetes security assessments; ensure container images are scanned and vulnerabilities are tracked
- Collaborate with development teams to establish and enforce secure coding standards and application-level security baselines
Security Controls Assessment (10%)
- Support periodic proactive security architecture assessments and SaaS service assessments using SSPM tools, reviewing security posture across cloud and on-premises infrastructure, including application-layer controls (SAST, dependency scanning)
- Assist with Breach and Attack Simulation (BAS) exercises to validate the effectiveness of defensive controls across both infrastructure and application layers
- Document assessment findings and work with engineering and platform teams to remediate control gaps
- Track remediation progress and validate control improvements
Reporting & Governance (15%)
- Produce weekly, monthly, and quarterly reports on EOL status, patch compliance, application security, and overall control health for security leadership
- Maintain executive-facing dashboards showing infrastructure and application security posture trends
- Support audit and compliance requirements with evidence of patching, EOL management, application security practices, and control validation
- Translate technical infrastructure and application security risk into business-context language for both technical and non-technical stakeholders
- Identify systemic security gaps across infrastructure and applications, and propose program-level improvements
Required Qualifications
- 4+ years of experience in security operations, infrastructure security, IT security engineering, or a closely related cybersecurity discipline
- Demonstrated experience managing EOL/EOS tracking programs across large, complex, multi-environment infrastructure estates
- Hands-on experience with enterprise patch management tooling (WSUS, SCCM, Tanium, or equivalent)
- Proven ability to coordinate across multiple engineering, platform, and operations teams to drive compliance and remediation outcomes
- Strong understanding of OS-level, middleware, database, and network infrastructure security principles
- Basic understanding of DevSecOps practices, CI/CD pipelines, and secure application development workflows
- Familiarity with SAST/DAST scanning concepts and vulnerability remediation workflows for applications
- Knowledge of software supply chain security principles, including dependency management and open-source risk
- Experience producing metrics, dashboards, and executive-level reporting on infrastructure health and compliance
- Familiarity with cloud environments (GCP, AWS, Azure) and cloud-native service EOL/update considerations
- Strong written and verbal communication skills—ability to clearly articulate infrastructure and application security risk to both technical teams and leadership
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or equivalent professional experience
Preferred Qualifications
- Experience with security scanning and SaaS Security Posture Management (SSPM) tools (e.g., CrowdStrike Falcon, Varonis, Obsidian, Tenable One, or similar platforms)
- Familiarity with Breach and Attack Simulation (BAS) platforms
- Knowledge of common EOL/lifecycle management standards and frameworks (NIST, CIS benchmarks)
- Experience working in SaaS, multi-tenant, or highly regulated enterprise environments handling sensitive data
- Background with Configuration Management Database (CMDB) or IT asset inventory tooling
- Experience in infrastructure or operations roles before transitioning to security
- Hands-on experience with SAST tools (SonarQube, Checkmarx, Snyk, GitHub Advanced Security, or similar)
- Familiarity with container security (Docker, container scanning, Kubernetes security)
- Experience with CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, or similar)
- Knowledge of supply chain security practices
- Experience supporting or mentoring development teams on secure coding practices and shift-left security
- Security certifications: CompTIA Security+, CISSP, or equivalent
- Familiarity with developer and operations workflows (Jira, ServiceNow, GitHub, deployment pipelines)
- Experience integrating multiple tools and systems via APIs or automation
Company Overview
UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry — because great organizations know their workforce is their competitive edge. Learn more at ukg.com.
UKG is proud to be an equal opportunity employer and is committed to promoting diversity and inclusion in the workplace, including the recruitment process.
Disability Accommodation in the Application and Interview Process
For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com