Lead Product Security Engineer

Job Summary:
UKG is seeking a talented Product Security Engineer to join our internal Global Security Research & Architecture team chartered to drive remediation of application security vulnerabilities within the UKG product lines. The goal of this team is to ensure the security of software applications throughout the Software Development Life Cycle. This role will require a strong technical background and expertise in software development and security.

This is a rare opportunity for the right Application Security Engineer to join UKG's award winning team. You will be working alongside some of the best in the business. If you are qualified and want to join our top-rated team, apply online today.

Primary/Essential Duties and Key Responsibilities:

• Collaborate with development teams to integrate security best practices into the software development lifecycle.
• Conduct code reviews and security assessments to identify and mitigate vulnerabilities.
• Develop and maintain security tools and scripts to automate security tasks and improve efficiency.
• Analyze results from SAST, DAST, and Secret Scanners.
• Provide guidance and support to engineering teams on secure coding practices and threat modeling.
• Identify, report, and prioritize application security vulnerabilities and work with development teams to remediate them.
• Support and partner with UKG internal Security Champions program.
• Provide guidance on secure coding standards and conduct code reviews to ensure adherence.
• Create and maintain documentation for security processes, procedures, and guidelines.
• Participate in security audits and assessments.
• Continuously improve Secure Software Development Life Cycle (S-SDLC) processes and environments
• Assist in the investigation and resolution of security incidents related to applications.

Basic Qualifications:
• Bachelor's degree in computer science or software engineering.
• 5+ years of proven experience in application security and software development.
• Knowledge of cloud platforms such as GCP, AWS, and other cloud environments.
• Understanding of SaaS applications and mobile application security.
• Proven experience in application security, with a focus on secure SDLC practices.
• Proficiency in programming languages such as Python, Java, or C#.
• Strong scripting skills for automating security tasks.
• Hands-on experience with security testing tools like SAST, DAST, and Secret Scanners.
• Experience with application security tools and techniques (e.g., SAST, DAST, SCA, Secure Code Reviews).
• Strong understanding of security frameworks and standards (e.g., OWASP, NIST, SafeCode)
• Strong communication and collaboration skills.

Preferred Qualifications:
• Relevant security certifications (e.g., CISSP, CEH, OSCP).
• Experience with cloud security and DevSecOps practices.
• Knowledge of regulatory requirements and industry standards (e.g., GDPR, PCI-DSS).