Your work days are brighter here.
We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.
About the Team
At Workday, the Authentication Security team is the cornerstone of our user trust and safety. We build and maintain the critical services that act as the front door to our entire ecosystem. Our mission is to provide secure, scalable, and seamless access for millions of users, protecting their data while enabling a frictionless experience. We are a team of passionate engineers dedicated to solving complex challenges in the authentication and identity space!
About the Role
Join our Identity & Authentication Security team as an experienced Senior Software Developer to design and build highly resilient identity and authentication systems. We’re looking for a hands-on technical leader who loves building scalable, distributed security infrastructure.
In this role, you will bridge the gap between Identity Lifecycle Management (provisioning/SCIM) and Authentication standards (OIDC, SAML, FIDO). You will thrive in ambiguity, turning abstract security requirements into concrete, robust solutions that remain resilient under heavy load. If you are a problem-solver who enjoys navigating complex security architecture and mentoring others to do the same, this is your opportunity to shape the future of our platform.
What You’ll Do
- Architect Identity Lifecycle Management: Design and implement robust SCIM (System for Cross-domain Identity Management) endpoints to automate the provisioning, updating, and de-provisioning of users across the Workday ecosystem.
- Modernize Authentication Services: Build and maintain high-performance services and APIs for secure, seamless access using OIDC, OAuth 2.0, SAML, and FIDO standards.
- Define Platform Strategy: Partner with engineering and product leadership to bridge the gap between security requirements and a concrete roadmap for our identity and access management (IAM) platform.
- Ensure Data Consistency: Solve complex synchronization challenges, ensuring user identity attributes remain consistent and secure across distributed microservices and external identity providers.
- Engineer for Resilience: Leverage design patterns like circuit-breaking, idempotency, and backpressure to ensure our identity services remain available under heavy load and during partial system failures.
- Champion Best Practices: Lead the adoption of clean code, scalable software design patterns, and comprehensive technical documentation within the team.
- Collaborate and Innovate: Work across engineering and support organizations to debug complex identity flows, resolve customer-facing authentication issues, and iterate on new security features.
- Operational Excellence: Participate in a shared on-call rotation, leading incident response and service restoration for the critical infrastructure that protects our users.
About You
Basic Qualifications
- 5+ years of software development experience, with a proven track record of designing, building, and maintaining scalable distributed systems in Java, Scala, or Kotlin.
- Deep expertise in Identity Lifecycle Management (ILM), specifically implementing and scaling SCIM 2.0 for automated user provisioning and de-provisioning.
- Strong command of Authentication protocols, including hands-on experience with OIDC, OAuth 2.0, and SAML 2.0.
- Architectural Maturity: Demonstrated experience applying patterns for resilient services, such as circuit-breaking, backpressure, and ensuring idempotency in distributed state changes.
- API-First Mindset: Expertise in RESTful API design and managing complex data schemas for user attributes and group memberships.
- Bachelor's degree in a computer-related field or equivalent work experience.
Other Qualifications
- Familiarity with modern security threats and mitigation strategies (e.g., token theft, session hijacking, or MFA via FIDO2/WebAuthn).
- Experience with relational databases (MySQL, PostgreSQL) and caching layers (Redis) to manage high-concurrency identity lookups.
- Experience with Docker, Kubernetes, and CI/CD pipelines (Jenkins/GitLab) in a microservices environment.
- Experience using Prometheus, Grafana, or OpenTelemetry to monitor the health and latency of critical path authentication flows.
- Lead complex technical initiatives, write clear design documents, and mentor peers through code reviews and architectural discussions.
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email accommodations@workday.com.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.