Your work days are brighter here.
We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.
About the Team
We are growing our cybersecurity response program to continue to deliver world class capabilities. Our team is building the Security Center of the future to further our customer’s confidence in our platform. Consequently, we are committed to the continuous advancement of our investigative methodologies across the domains of incident response, digital forensics (DFIR), threat hunting, security automation, and data loss prevention, while integrating artificial intelligence into our operational workflows. We respond quickly, efficiently and regain control by minimizing the threat of damage caused by malicious activities. We are a highly visible global security function that collaborates closely with multiple Workday teams. We work hard and push each other to constantly improve, but in an environment that is fun and considered the best company to work for.
About the Role
Workday is seeking a dedicated and proficient security professional possessing extensive security engineering and response expertise. This is an opportunity to contribute to a highly visible team involved in all major cybersecurity events, where your skills and experience will be used to inspire confidence and trust in Workday.
This is a highly technical role with the understanding that you are already conversant in incident response, security automation, system security, network security, threat hunting, digital forensics, and artificial intelligence. This role will push you to understand the inner workings of our SaaS platform and couple that with traditional security practices on premise. We have resources in every cloud, including our own. We offer a hybrid/flexible schedule for employees.
About You
Basic Qualifications
- 6+ years of experience as a security engineer/analyst in related domains
- Bachelor’s Degree or equivalent experience
Other Qualifications
Other relevant certification/s and training (e.g. Offensive Security, SANS, CISSP, Specific Security Tooling, etc.).
Solid understanding of common attacker techniques and the threat landscape (e.g., MITRE ATT&CK, phishing, credential theft, lateral movement, data exfiltration).
Deep hands‑on experience with security monitoring and incident response across cloud and/or hybrid environments (e.g., AWS, Azure, GCP, SaaS platforms).
Python, Ruby and other scripting languages is essential, as is a strong understanding of Linux/OSX and Windows.
Demonstrated capability to oversee multiple complex projects and competing priorities effectively while fulfilling core operational obligations.
Excellent analytical and problem‑solving skills; able to reason about incomplete data and make pragmatic decisions under time pressure.
High level of ownership and accountability; comfortable taking the lead during high‑severity incidents.
Commitment to continuous learning and staying current with evolving attacker techniques, tools, and security technologies.
Clear written and verbal communication skills, with the ability to translate complex technical findings into language suitable for non‑technical stakeholders.
Experience in some or all of the following:
- Security alert triage and investigation
- Incident response and incident management
- Threat hunting and digital forensics
- SIEM and SOAR security technologies and solutions
- Leveraging artificial intelligence to enhance processes
- Secure Software Development Lifecycle (SSDLC)
You will engage in the following activities:
- Monitor and respond to security alerts and events from SIEM, EDR, network security tools, cloud platforms, and other telemetry sources as part of a follow-the-sun model.
- Lead and coordinate technical investigations for all‑severity security incidents (e.g., endpoint compromise, account takeover, data exfiltration, insider threat).
- Conduct hypothesis‑driven threat hunting using available telemetry to identify previously undetected malicious activity.
- Design and implement improvements to IR tooling, including SOAR workflows, custom scripts, and integrations that reduce mean time to detect/respond, identify automation opportunities and where artificial intelligence can be leveraged for enhancement.
- Contribute to the architecture and tuning of SIEM, EDR, logging pipelines, and security tooling to ensure high‑quality, actionable alerts.
- Work closely with security engineering and platform teams to embed response capabilities into core infrastructure and services.
- Mentor and coach junior team members, sharing best practices and driving a culture of learning and operational excellence.
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email accommodations@workday.com.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.