Perform security assessments and scale security at Workday
Conduct vulnerability assessments against Workday applications, services, and networks
Develop security automation and tools
Research new threats and execute creative exploits

Requirements

8+ years of progressive experience in a similar role
3+ yrs of experience leading PenTests in one or more areas such as public cloud infrastructure (AWS, Google Cloud), modern web applications, enterprise network assessments, API testing, AI Agentic Redteaming
3+ yrs of experience with one or more scripting languages for automation (python, Go, Bash, Ruby, etc.)
Understanding of modern security best practices such as OWASP Top 10 & MITRE ATT&CK framework
Knowledge of networking & technology fundamentals and how to attack their weaknesses (TCP/IP stack, Linux, Docker, Kubernetes, Microservice architectures)
Must have experience with Web Proxy such as BurpSuite, Zap or others
Have one or more industry leading certifications (OSCP, CRTE, CRTO, ARTE, CPTS, etc.)
Have Bug Bounty submissions experience or have independent research e.g. GitHub projects
The ability to triage findings and work on remediation plans with partner teams
Excellent written & verbal communication skills

Benefits

Workday Bonus Plan
Role-specific commission/bonus
Annual refresh stock grants

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security assessmentsvulnerability assessmentssecurity automationscripting languagesAPI testingnetwork assessmentsOWASP Top 10MITRE ATT&CKTCP/IP stackLinux

Soft Skills

leadershipcommunicationtriageremediation planning

Certifications

OSCPCRTECRTOARTECPTS