All jobs

Security Engineer - Insider Threat

Workday22h ago
United StatesHybridFull-timeSenior Level8+ yrs exp
H-1B sponsor

Top focus

Security EngineerCloud Security Engineer

Your work days are brighter here. We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most.

The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care.

We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back.

In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.

About the Team At Workday, we help the world’s largest organizations adapt to what’s next by bringing finance, HR, and planning into a single enterprise cloud. We work hard, and we’re serious about what we do. But we like to have fun, too. We put people first, celebrate diversity, drive innovation, and do good in the communities where we live and work.

Workday's Cyber Defense team helps protect an ever-growing technology, global footprint. We are responsible for monitoring, detecting, and responding to threats to the company and keeping the trust of our customers. Functions like Security Response, Threat Intelligence, Detection Engineering, Secure Code Development and many others make up the fabric of who we are and what we do daily around the world.

About the Role We are seeking a Senior Insider Threat Investigator to join our Insider Threat organization to assist with monitoring, detecting, and mitigating insider risk. This role sits at the intersection of investigations, intelligence, and risk.

You will help Workday identify patterns for detections and build out processes and controls to mitigate identified areas of opportunity. You will work closely with our Security Incident Response Team and Cyber Incident Management team to identify and mitigate enterprise threats to the confidentiality, integrity, and availability of Workday information systems and information.

We are looking for a seasoned investigator who brings deep expertise in insider threat, counterintelligence, or complex corporate investigations, paired with technical expertise to navigate UEBA/SIEM platforms, interpret digital evidence, and leverage open source intelligence.

This position will lead and conduct end-to-end insider threat investigations, spanning initial detection to triage and through resolution and closeout. This will involve interviewing subjects, witnesses, and stakeholders; manage document review and preservation; and execute investigative inquiries in alignment with company policies, establish investigative procedures, and law.

The Insider Threat program coordinates with SIRT, IT, and Legal to collect, preserve, and analyze digital evidence in accordance with chain of custody requirements, industry best practices and legal hold requirements. About You Basic Qualifications 8+ years of progressive experience in insider threat investigations, counterintelligence, corporate investigations, incident response, intelligence analysis, or closely related discipline.

Bachelor’s degree in Criminal justice, Cybersecurity, Intelligence Studies, Law, or closely related field. Demonstrated track record leading or materially contributing to insider threat programs and complex, sensitive, cross-functional investigations in a government, corporate, or law enforcement environment.

Functional proficiency with SIEM platforms (e.g., Splunk, QRadar, Sentinel) and UEBA tools (e.g., Exabeam, Proofpoint, DTEX, Purview); able to construct and execute queries, triage and prioritize alerts, and interpret behavioral analytics outputs.

Working knowledge of DLP tools, endpoint detection, and digital forensic concepts. Familiarity with Insider threat framework, threat assessment principles, including CERT, CISA, and NTTF standards. Strong interpersonal and communication skills; able to operate with discretion and credibility across Legal, P&P, and executive stakeholder groups on sensitive matters.

Sound judgment and integrity; able to navigate ambiguous situations, manage competing priorities, and make defensible decisions under pressure. Other Qualifications Background in federal law enforcement (FBI, NCIS, AFOSI, ACIC), the U.S. Intelligence Community, U.S. military or government intelligence, federal insider threat programs, and cybersecurity.

Experience building or maturing a formal insider threat program, including development of investigation processes, detection logic, and governance and documentation. Experience with case management platforms and maintaining investigation documentation.

Exposure to behavioral threat assessment and threat management programs; participation in industry working groups and forums. CERT Insider Threat Program Manager (ITPM), Global Counter-Insider Threat Professional (GCITP), Certified Counter-Insider Threat Professional – F/A(CCITP), Certified Protection Professional (CPP) Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Certifications, GIAC certification, Certified Fraud Examiner (CFE) Workday Pay Transparency Statement The annualized base salary ranges for the primary location and any additional locations are listed below.

Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process.

Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday’s comprehensive benefits, please click here .

Primary Location: USA.GA.Atlanta Primary Location Base Pay Range: $144,400 USD - $258,000 USD Additional Considerations: If performed in Colorado, the pay range for this job is $152,000 - $228,000 USD based on min and max pay range for that role if performed in CO.

The application deadline for this role is the same as the posting end date stated as below: 07/25/2026 Our Approach to Flexible Work With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work.

We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role).

This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records. Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans. At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills.

If you require assistance or an accommodation at any point, please email accommodations@workday.com . Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process! At Workday, we value our candidates’ privacy and data security.

Workday will never ask candidates to apply to jobs through websites that are not Workday Careers. Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not. In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.

Required skills

insider threatcounterintelligenceincident responseintelligence analysisSIEMUEBADLPdigital forensics
Posted on JobRush — the end-to-end AI job-search platform.