View All Jobs 132371

Principal Cybersecurity Engineer - Remote Eligible

Build automated security risk assessment and mitigation systems at scale
Remote
Expert
yesterday
Workday

Workday

Provides cloud-based enterprise applications for finance, human resources, planning, and analytics to help organizations manage operations and workforce.
24 Similar Jobs at Workday

Principal Cybersecurity Engineer

We're obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we're shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you'll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We're in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you'll do meaningful work with Workmates who've got your back. In return, we'll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you've found a match in Workday, and we hope to be a match for you too.

We are seeking a highly skilled Principal cybersecurity engineer to architect the development of our internal suite of Cybersecurity Risk Management and Automation tools. This role requires a rare blend of deep domain expertise in security risk and the technical ability to bridge the gap between high-level strategy and robust software execution. As a Principle engineer, you will serve as the primary visionary for how our risk data is structured, analyzed, and automated, acting as the bridge between the Cybersecurity Risk organization and our Engineering teams.

About the Role

As a Principle engineer, you will serve as the primary visionary for how our risk data is structured, analyzed, and automated, acting as the bridge between the Cybersecurity Risk organization and our Engineering teams.

About You

Key Responsibilities & Focus Areas

  • Strategic Technical Translation: Architect high-level business and security "end-states" into sophisticated process designs and technical specifications. You will own the translation of risk philosophy into the logic used by our engineering squads.

  • Risk Domain Authority: Serve as the definitive Subject Matter Expert (SME) for defining risk metrics and calculation methodologies, specifically within:

    • Enterprise Risk (ERM): Designing and implementing data-driven risk frameworks (e.g., NIST, FAIR) through sophisticated automation.

    • Third-Party Risk (TPRM): Architecting systems for automated due diligence, continuous monitoring, and assessment scoring for our vendor ecosystem.

  • Technical Implementation Lead: While not managing people, you will lead the technical direction for software engineers focused on data pipelines (ELT) and tool development, ensuring the architectural integrity of the final product.

  • Process Engineering: Design and optimize automated internal processes, leveraging security telemetry to drive automated identification, prioritization, and remediation of risks at scale.

  • Cross-Functional Influence: Champion security risk automation across the organization, mentoring junior engineers and influencing stakeholders on best practices for data-driven risk modeling.

Essential Technical & Domain Qualifications

  • Software Engineering & Development: Strong background in software engineering principles (SDLC, version control, API design). Must be proficient in at least one programming or scripting language (e.g., Python, Go, or Java) and capable of performing code reviews or building proof-of-concept (PoC) scripts for risk models and automated workflows.

  • Mastery of Cybersecurity Risk: A proven track record of designing and implementing Enterprise and Third-Party Risk Management (TPRM) programs at scale.

  • Architectural Design: Demonstrated ability to take a blank slate and define complex security processes, translating them into technical user stories, functional specifications, and logic diagrams.

  • Technical Influence: Experience leading the technical roadmap for software engineering teams or data scientists without direct reporting authority (e.g., Lead, Principal, or Staff level experience).

  • Data & Automation Engineering: High proficiency in data pipeline logic, ELT/ETL processes, and data quality assurance, specifically as they apply to automating security telemetry.

  • Advanced Risk Modeling: Expertise in quantitative risk analysis (e.g., Monte Carlo simulations or FAIR methodology) and how to programmatically apply these models to software.

Bonus Qualifications

  • Experience building custom GRC (Governance, Risk, and Compliance) platforms.

Our Approach to Flexible Work

With Flex Work, we're combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!

At Workday, we value our candidates' privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.

+ Show Original Job Post
Suggest a correction
























Principal Cybersecurity Engineer - Remote Eligible
Remote
Engineering
Apply to job
About Workday
Provides cloud-based enterprise applications for finance, human resources, planning, and analytics to help organizations manage operations and workforce.