Sr Cybersecurity Engineer

About The Position

Requirements

• 8+ years of progressive experience in a similar role
• 3+ yrs of experience leading PenTests in one or more areas such as public cloud infrastructure (AWS, Google Cloud), modern web applications, enterprise network assessments, API testing, AI Agentic Redteaming
• 3+ yrs of experience with one or more scripting languages for automation (python, Go, Bash, Ruby, etc.)
• Understanding of modern security best practices such as OWASP Top 10 & MITRE ATT&CK framework
• Knowledge of networking & technology fundamentals and how to attack their weaknesses (TCP/IP stack, Linux, Docker, Kubernetes, Microservice architectures)
• Must have experience with Web Proxy such as BurpSuite, Zap or others

Nice To Haves

• One or more industry leading certifications (OSCP, CRTE, CRTO, ARTE, CPTS, etc.)
• Bug Bounty submissions experience or have independent research e.g. GitHub projects
• The ability to triage findings and work on remediation plans with partner teams
• Excellent written & verbal communication skills

Responsibilities

• Perform security assessments and scale security at Workday.
• Perform vulnerability assessments against Workday applications, services, and networks.
• Develop security automation and tools.
• Research new threats and execute creative exploits.
• Conduct advanced offensive security operations including red teaming, purple teaming, vulnerability research, and credentials auditing to simulate real-world threats and identify weaknesses.
• Collaborate with dedicated Workmates globally.
• Manage Workday's external and internal bug bounty programs, fostering partnerships with our developers and external researchers to uncover and responsibly disclose vulnerabilities.
• Continuously improve Workday's security posture and ensure the highest level of protection for our users.

Benefits

• Workday Bonus Plan or a role-specific commission/bonus
• Annual refresh stock grants
• Comprehensive benefits