Security Engineer - Insider Threat

WorkdayAtlanta, GA
Hybrid

About The Position

We are seeking a Senior Insider Threat Investigator to join our Insider Threat organization to assist with monitoring, detecting, and mitigating insider risk. This role sits at the intersection of investigations, intelligence, and risk. You will help Workday identify patterns for detections and build out processes and controls to mitigate identified areas of opportunity. You will work closely with our Security Incident Response Team and Cyber Incident Management team to identify and mitigate enterprise threats to the confidentiality, integrity, and availability of Workday information systems and information. We are looking for a seasoned investigator who brings deep expertise in insider threat, counterintelligence, or complex corporate investigations, paired with technical expertise to navigate UEBA/SIEM platforms, interpret digital evidence, and leverage open source intelligence. This position will lead and conduct end-to-end insider threat investigations, spanning initial detection to triage and through resolution and closeout. This will involve interviewing subjects, witnesses, and stakeholders; manage document review and preservation; and execute investigative inquiries in alignment with company policies, establish investigative procedures, and law. The Insider Threat program coordinates with SIRT, IT, and Legal to collect, preserve, and analyze digital evidence in accordance with chain of custody requirements, industry best practices and legal hold requirements.

Requirements

  • 8+ years of progressive experience in insider threat investigations, counterintelligence, corporate investigations, incident response, intelligence analysis, or closely related discipline.
  • Bachelor’s degree in Criminal justice, Cybersecurity, Intelligence Studies, Law, or closely related field.
  • Demonstrated track record leading or materially contributing to insider threat programs and complex, sensitive, cross-functional investigations in a government, corporate, or law enforcement environment.
  • Functional proficiency with SIEM platforms (e.g., Splunk, QRadar, Sentinel) and UEBA tools (e.g., Exabeam, Proofpoint, DTEX, Purview); able to construct and execute queries, triage and prioritize alerts, and interpret behavioral analytics outputs.
  • Working knowledge of DLP tools, endpoint detection, and digital forensic concepts.
  • Familiarity with Insider threat framework, threat assessment principles, including CERT, CISA, and NTTF standards.
  • Strong interpersonal and communication skills; able to operate with discretion and credibility across Legal, P&P, and executive stakeholder groups on sensitive matters.
  • Sound judgment and integrity; able to navigate ambiguous situations, manage competing priorities, and make defensible decisions under pressure.

Nice To Haves

  • Background in federal law enforcement (FBI, NCIS, AFOSI, ACIC), the U.S. Intelligence Community, U.S. military or government intelligence, federal insider threat programs, and cybersecurity.
  • Experience building or maturing a formal insider threat program, including development of investigation processes, detection logic, and governance and documentation.
  • Experience with case management platforms and maintaining investigation documentation.
  • Exposure to behavioral threat assessment and threat management programs; participation in industry working groups and forums.
  • CERT Insider Threat Program Manager (ITPM), Global Counter-Insider Threat Professional (GCITP), Certified Counter-Insider Threat Professional – F/A(CCITP), Certified Protection Professional (CPP) Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Certifications, GIAC certification, Certified Fraud Examiner (CFE)

Responsibilities

  • Lead and conduct end-to-end insider threat investigations, spanning initial detection to triage and through resolution and closeout.
  • Interview subjects, witnesses, and stakeholders.
  • Manage document review and preservation.
  • Execute investigative inquiries in alignment with company policies, establish investigative procedures, and law.
  • Coordinate with SIRT, IT, and Legal to collect, preserve, and analyze digital evidence in accordance with chain of custody requirements, industry best practices and legal hold requirements.
  • Identify patterns for detections and build out processes and controls to mitigate identified areas of opportunity.
  • Assist with monitoring, detecting, and mitigating insider risk.

Benefits

  • Workday Bonus Plan or a role-specific commission/bonus
  • Annual refresh stock grants
  • Comprehensive benefits
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service