Principal Cybersecurity Engineer - US Federal

WorkdayReston, VA
$184,800 - $300,000Hybrid

About The Position

This role supports one or more direct or indirect contracts with the U.S. Federal Government, which, due to federal government security requirements, mandates that all Workday personnel working on the contracts be United States citizens (naturalized or native). The Platform Security Engineering team is responsible for the architecture, engineering, and maintenance of the systems that protect the Workday product. Operating entirely within AWS, the engineer will treat "Security as Code," ensuring Vulnerability Management, SIEM, and SOAR tools are robust, scalable, and automated. This role is the primary engineering partner to the SOC, building the high-fidelity tools they rely on to keep customers safe.

Requirements

  • Must be a United States citizen (naturalized or native) due to federal government security requirements.
  • Ability to obtain and maintain a U.S. government issued security clearance.
  • AWS Mastery: Deep experience architecting and engineering across Compute, Storage, Networking, and Security.
  • Container Orchestration: Heavy hands-on experience with Kubernetes (K8s) and Docker, specifically regarding lifecycle management and security hardening.
  • Software Engineering: Advanced proficiency in Python.
  • Infrastructure as Code: Proven track record using Terraform (or equivalent IaC) to manage complex environments.
  • AI-Augmented Workflow: Proficient at leveraging AI tools to accelerate daily output and problem-solving.
  • Data Synthesis: Ability to distill complex technical data into clear, visual narratives for stakeholders.

Nice To Haves

  • An active TS/SCI w/CI Poly is preferred.
  • Preferred DoD 8570/8140 compliant with at least IAT Level II certification, including a current Computing Environment (CE) credential and one approved specialty certification (e.g., CompTIA CySA+, GICSP, CASP+).
  • CI/CD Expertise: Experience building or maintaining robust pipelines in GitLab CI, GitHub Actions, or Jenkins.
  • EKS Specialization: Specific experience managing production workloads on Amazon Elastic Kubernetes Service.
  • SaaS at Scale: A background in securing large-scale, high-traffic, customer-facing SaaS platforms.

Responsibilities

  • Design and maintain the lifecycle of our core security stack (Vulnerability Management, SIEM, and SOAR) in a native AWS environment.
  • Secure, manage, and monitor Kubernetes clusters and containerized workloads.
  • Ensure tooling scales alongside containerized infrastructure.
  • Use tools like Terraform, CloudFormation, or CDK to deploy and manage security infrastructure, ensuring environments are version-controlled and immutable.
  • Leverage Python to bridge the gaps between commercial tools, building integrations or custom logic when a tool hits its limit.
  • Actively use AI tools and LLMs as a "force multiplier" to accelerate development, optimize code, and automate repetitive tasks.
  • Transform complex security telemetry into actionable, visual insights by building dashboards that show partners exactly where we stand and where gaps remain.
  • Work to integrate security tooling into the developer workflow, ensuring engineering is as agile as the product it protects.

Benefits

  • Workday Bonus Plan or a role-specific commission/bonus
  • Annual refresh stock grants
  • Comprehensive benefits
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service