Principal cybersecurity engineer

About the Team

We are seeking a highly skilled Principal cybersecurity engineer to architect the development of our internal suite of Cybersecurity Risk Management and Automation tools. This role requires a rare blend of deep domain expertise in security risk and the technical ability to bridge the gap between high-level strategy and robust software execution.

As a Principal engineer, you will serve as the primary visionary for how our risk data is structured, analyzed, and automated, acting as the bridge between the Cybersecurity Risk organization and our Engineering teams.

About the Role

As a Principal engineer, you will serve as the primary visionary for how our risk data is structured, analyzed, and automated, acting as the bridge between the Cybersecurity Risk organization and our Engineering teams.

About You

Basic Qualifications

• 9+ Years of Experience building custom GRC (Governance, Risk, and Compliance) platforms.
• Software Engineering & Development: Proficiency in Python, Go, or Java with strong background in version control (Git), API design, and ability to build complex PoCs for risk models.
• Full-Lifecycle Engineering Governance: Mastery of end-to-end SDLC including creation and oversight of SRS documentation, Project Plans, and Product Backlogs.
• Architectural & Quality Standards: Ability to define System Architectures, Data Models (ERDs), API specifications, and enforce QA standards through Test Plans, automated Build Scripts, and Production Operations manuals.
• Experience leading technical roadmap for software engineering teams or data scientists without direct reporting authority.
• Technical Influence: Proficiency in data pipeline logic, ELT/ETL processes, and data quality assurance for automating security telemetry.

Other Qualifications

• Strategic Technical Translation: Architect high-level business and security "end-states" into process designs and technical specifications.
• Risk Domain Authority: Subject Matter Expert for defining risk metrics and calculation methodologies within Enterprise Risk (ERM) and Third-Party Risk (TPRM).
• Cross-Functional Influence: Champion security risk automation, mentor junior engineers, and influence stakeholders on best practices.

Essential Domain Knowledge

• Mastery of Cybersecurity Risk: Proven track record designing and implementing Enterprise and Third-Party Risk Management programs at scale.
• Architectural Design: Ability to define complex security processes and translate them into technical user stories, functional specifications, and logic diagrams.
• Advanced Risk Modeling: Expertise in quantitative risk analysis (e.g., Monte Carlo simulations, FAIR methodology) and programmatic application to software.

Workday Pay Transparency Statement

The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. This role may be eligible for the Workday Bonus Plan or role-specific commission/bonus, as well as annual refresh stock grants.

Primary Location: USA.VA.Reston

Primary Location Base Pay Range: $184,800 USD - $277,200 USD

Additional US Location(s) Base Pay Range: $167,200 USD - $300,000 USD

Our Approach to Flexible Work

With Flex Work, we combine in-person time and remote work. Teams spend at least half (50%) of their time each quarter in the office or in the field with customers, prospects, and partners depending on role. This allows freedom to create flexible schedules while being intentional about time spent together.

Equal Opportunity

Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans. We are committed to providing an accessible and inclusive hiring experience. If you require assistance or accommodation, please email accommodations@workday.com.

Additional Information

Workday will never ask candidates to apply through non-Workday websites or pay recruiting fees or coaching services to apply.