Role Description
We are seeking a Sr. Staff Offensive Security Operator to lead and execute red team engagements across UKG's multi-cloud enterprise environment. This role combines deep technical expertise in offensive security with a strong emphasis on AI-powered automation, autonomous testing frameworks, and scalable attack simulation. You will design and execute complex attack scenarios, develop AI-enhanced offensive tooling, and deliver findings that drive measurable risk reduction across the organization.
Key Responsibilities
- Offensive Operations (30%)
  - Plan and execute full-scope red team engagements (network, application, cloud, social engineering) against UKG's production and corporate environments.
  - Conduct assume-breach exercises targeting multi-tenant infrastructure to validate cross-tenant isolation and breakout resistance.
  - Perform adversary emulation aligned with MITRE ATT&CK framework, simulating nation-state and criminal threat actor TTPs relevant to the HCM/payroll industry.
  - Execute purple team exercises with the SOC to validate detection coverage and response capabilities.
  - Conduct M&A security assessments for newly acquired companies and integrations.
  - Deliver executive-level readouts and technical reports that translate offensive findings into business risk language.
- AI-Powered Offensive Automation (40%)
  - Design, build, and maintain autonomous security testing frameworks that leverage AI/ML for vulnerability discovery, exploit chain generation, and attack path analysis.
  - Develop AI-assisted reconnaissance and target enumeration tools using LLMs (Claude) and custom agents for scalable attack surface analysis.
  - Build and operate continuous automated red teaming pipelines that test UKG's defenses without manual intervention.
  - Create AI-powered C2 frameworks, payload generators, and evasion tools that adapt to defensive controls in real-time.
  - Integrate offensive tooling with Claude, MCP servers, and enterprise AI infrastructure for AI-assisted security operations.
  - Develop automation that generates findings, routes tickets, and tracks remediation, reducing the gap between discovery and fix.
- Strategic Leadership (20%)
  - Drive the red team's technical strategy and roadmap, identifying high-value targets and emerging attack surfaces (Product, Custom AI, and cloud-native services).
  - Mentor and develop junior offensive security operators, building team capability in AI-augmented offensive techniques.
  - Represent the red team in cross-functional security initiatives, architecture reviews, and incident response when offensive expertise is needed.
  - Maintain awareness of emerging threats, zero-day vulnerabilities, and adversary tradecraft relevant to UKG's technology stack.
- Research & Knowledge Sharing (10%)
  - Publish internal research on novel attack techniques, AI-assisted exploitation, and cloud security assessment methodology.
  - Contribute to the team's Claude Code skills store and shared automation repositories.
  - Develop and maintain red team infrastructure (honeypots, C2, phishing platforms) using infrastructure-as-code.
  - Stay current on offensive security conferences, findings, etc., and incorporate new techniques into operations.
Qualifications
- 8+ years of experience in offensive security, red teaming, or penetration testing in enterprise environments.
- 5+ years conducting red team engagements against cloud environments including multi-tenant architectures.
- Deep expertise in at least 3: network exploitation, web application security, Active Directory attacks, cloud infrastructure attacks, social engineering, physical security.
- Strong proficiency in AI, Python, Go, or C/C++ for offensive tool development and automation.
- Demonstrated experience building automated security testing tools, frameworks, or pipelines.
- Experience with Kubernetes, container security, and cloud-native attack techniques.
- Experience with C2 frameworks and adversary simulation platforms.
- Knowledge of MITRE ATT&CK framework and adversary emulation methodology.
- Experience with AI/ML security: attacking AI systems, prompt injection, model poisoning, or building AI-powered offensive tools.
- Experience developing autonomous security testing agents using LLMs.
- Excellent written and verbal communication skills: ability to translate technical findings into business risk for executive audiences.
- Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience.
Preferred Qualifications
- Published CVEs, security research papers, or conference presentations (DEF CON, Black Hat, etc.).
- Experience in SaaS/multi-tenant environments processing sensitive data (HCM, payroll, healthcare, financial).
- OSCP, OSCE, OSEP, CRTO, GXPN, or equivalent offensive security certifications.
- Familiarity with .NET, Java/Kotlin, and legacy application security assessment.
- Experience building infrastructure-as-code (Terraform, Pulumi) for red team operations.
- Prior experience in a Sr. Staff / Principal level role with cross-team technical leadership.
What Sets This Role Apart
This is not a traditional red team role. We are building the future of offensive security through AI-augmented automation. You will:
- Work on a team where all members build production automation; this is an engineering-first security team.
- Have access to enterprise AI infrastructure to build next-generation offensive tools.
- Operate against one of the largest HCM/payroll platforms in the world, protecting tens of thousands of customer organizations.
- Have direct impact: your findings directly prevent issues across UKG's entire customer base.
- Lead the integration of AI into offensive security operations, pioneering techniques that scale red team impact beyond headcount.
Compensation & Benefits
- UKG offers a comprehensive total rewards package including competitive base salary, annual bonus, equity, full medical/dental/vision, 401(k) match, unlimited PTO, and professional development budget.
- This role is eligible for remote work anywhere in the US.