Your work days are brighter here.
At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.
About the Team
In support of the phenomenal growth in the number of Workday customers and Workmates, we are growing our cybersecurity response program to continue to deliver world class capabilities. Our team is building the Security Center of the future to further our customer’s confidence in our platform. This means we are continually innovating our investigative capabilities in the areas of incident response, digital forensics (DFIR), threat hunting, and security automation. We respond quickly, efficiently and regain control by minimizing the threat of damage caused by malicious activities. We are a highly visible global security function that collaborates closely with multiple Workday teams. We work hard and push each other to constantly improve, but in an environment that is fun and considered the best company to work for.
About the Role
About The Role
Workday is looking for a passionate and experienced security professional to join our SIRT. This is an opportunity to contribute to a highly visible team involved in all major cybersecurity events, where your skills and experience will be used to inspire confidence and trust in Workday.
This is a highly technical role with the understanding that you are already conversant in incident response, security automation, system security, network security, and threat hunting. This role will push you to understand the inner workings of our SaaS platform and couple that with traditional security practices on premise. We have resources in every cloud, including our own.
You will engage in the following activities:
Workday is looking for a passionate and experienced security professional to join our SIRT. This is an opportunity to contribute to a highly visible team involved in all major cybersecurity events, where your skills and experience will be used to inspire confidence and trust in Workday.
This is a highly technical role with the understanding that you are already conversant in incident response, security automation, system security, network security, and threat hunting. This role will push you to understand the inner workings of our SaaS platform and couple that with traditional security practices on premise. We have resources in every cloud, including our own.
You will engage in the following activities:
- Experience responding to operational queue work as part of a follow-the-sun model
- Lead cyber security incident response and investigation efforts. This includes digital forensics and cloud security events
- Improve threat detection capability by performing gap analyses and remediation
- Identify where we can apply AI/LLM tech to extend the coverage, quality and speed of the security monitoring and response capabilities
- Collaborate with incident responders, threat hunters, and other internal teams to understand their AI/LLM needs, gather requirements, and deliver effective engineering solutions to support the work of the SIRT.
- Actively participate in incident response activities, including digital forensic investigations and security event analysis, leveraging and enhancing security tools to support these efforts.
- Contribute to the team's technical growth by mentoring colleagues on AI/LLM best practices, tooling, scripting and processes.
About You
Basic Qualifications
- Bachelor’s Degree in Computer Science, Data Science, Cybersecurity, or a related STEM field, or equivalent demonstrable practical experience and engineering excellence.
- 3+ years of hands-on experience in a security engineering, data science, or security operations role with a strong focus on applying AI and machine learning to security challenges.
Other Qualifications
- Ability to drive multiple projects and priorities while managing operational responsibilities
- Demonstrated knowledge of adversary TTPs (Tactics, Techniques and Procedures)
- Deep understanding of network and application security threats, attack techniques, and mitigation options and network related protocols (e.g. TCP/IP, IPSEC, routing protocols, etc.)
- Python, Ruby and other scripting languages is essential, as is a strong understanding of Linux/OSX and Windows
- Understanding of how AI can be applied to threat detection, incident analysis, and response, including knowledge of common attack vectors (MITRE ATT&CK Framework).
- Experience with prompt engineering, fine-tuning large language models (LLMs) for security-specific tasks, and understanding the security risks associated with LLMs (e.g., prompt injection, data poisoning).
- Experience participating in incident response processes where AI/ML tools were used to accelerate investigation, analysis, and containment.
- Excellent verbal and written communication skills
- Experience in some or all of the following:
- Experience with cloud security concepts, solutions, and automation
- Experience in incident response and incident management
- Experience with threat hunting techniques
- Experience with SIEM and SOAR security technologies and solutions
- Experience in performing digital forensics and securely acquiring data from various sources
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!