Do what you love. Love what you do.

At Workday, we help the world’s largest organizations adapt to what’s next by bringing finance, HR, and planning into a single enterprise cloud. We work hard, and we’re serious about what we do. But we like to have fun, too. We put people first, celebrate diversity, drive innovation, and do good in the communities where we live and work.

About the Team

Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities. Designs and develops security features for products including systems, applications and/or solutions. Integrates new security features and updates into existing products and ensures the security of all products is maintained throughout the product lifecycle. Provides product security engineering recommendations and resolves integration and testing issues. Builds a standardized set of security product requirements and produces metrics to report performance against those requirements. Reviews and defines security diagnostics and tools to facilitate the analysis and reporting of security events. Detects and mitigates security risks, responds to product security incidents, and works with customers regarding product security related issues. Leads or participates in security architecture and design review meetings.

About the Role

This role’s charter is to develop, build, deploy, and support security tools, systems and frameworks with the goal of incorporating security best practice into the day-to-day workflow of all application service teams at Workday. The successful candidate will have a demonstrated ability to work with application development and pipeline teams. You will be working in a rapid iteration, resilience and scalability are key non-functional requirements. This will require you to work effectively within your own team but also to coordinate with others in teams both locally and in other time zones.

What you will do:

• Design, develop, deploy and maintain an ecosystem of security tools, systems and frameworks that will allow development teams to weave security controls into their SDLC.
• Partner with our development teams to envision new ways to deliver “secure-by-default” experiences for all of our products and services.
• Collaborate with our security review teams to develop secure solutions, patterns and frameworks to address security risks and threats
• Embed secure-by-design and secure-by-default into standard working practices and the daily workflows of developers.
• Develop continuous monitoring and metrics for security tools
• Stay ahead of industry technology and business trends. Actively drives product technology and engineering process innovation to help Workday be a leader in Security

About You

• You are an exceptionally strong individual contributor that can make a meaningful impact to Workday's technical security controls. 
• You approach challenges with sense of optimism and positivity
• You are able to successfully work with a team of dedicated security professionals to implement projects from design to delivery
• You are capable of engaging with the wider development organisation to further security goals as well as representing Workday externally
• You love to innovate and will drive and support purposeful innovation in your team
• You hold yourself accountable for the solutions you deliver and are always willing to help others

What you should have:

• Bachelor's degree in computer science or equivalent combination of education and experience.
• 5+ years of experience in security engineering, DevOps or pipeline development.
• Strong interest in Security and DevSecOps
• Experience developing in at least one modern programming language e.g. Golang, Ruby, Python, Java 8+, Scala, Rust, JavaScript
• Working knowledge of pipeline automation in CI / CD system e.g. Jenkins, Bamboo, Teamcity
• Practical Experience with at least one cloud platform e.g. AWS, Azure, GCP
• Experience with at least one of the major Infrastructure as Code languages e.g. Terraform, Chef, Ansible, CloudFormation etc.
• Ability to communicate effectively to different stakeholders (senior management, peers, junior colleagues, external teams using our platform);
• Knowledge of deploying applications using containers and/or Kubernetes
• Experience working in an Agile environment / with Agile development methodologies

What we hope you have:

• Experience with deployment of one or more of the security tools commonly used in development pipelines e.g. SAST, DAST or IAST tools, Fuzzing tools, Twistlock, Snyk, Hashicorp Vault
• Experience in developing, deploying, and supporting security specific solutions including the automation of repeatable security tasks and controls.
• Experience with cloud platforms: OpenStack, VMWare.
• Knowledge of authentication and encryption fundamentals.
• Practical knowledge of Linux systems

What we offer:

• Career & Capability Growth
• Wellness Program
• Pension
• Health Insurance & Dental Plan
• Employee Assistance Program
• Tax Saver Scheme
• Stock Schemes
• 27 Days Annual Leave

Our values:

• Employees
• Customer Service
• Innovation
• Integrity
• Fun
• Profitability

#LI-GS

• Bachelor's degree in computer science or equivalent combination of education and experience.
• 5+ years of experience in security engineering, DevOps or pipeline development.
• Strong interest in Security and DevSecOps
• Experience developing in at least one modern programming language e.g. Golang, Ruby, Python, Java 8+, Scala, Rust, JavaScript
• Working knowledge of pipeline automation in CI / CD system e.g. Jenkins, Bamboo, Teamcity
• Practical Experience with at least one cloud platform e.g. AWS, Azure, GCP
• Experience with at least one of the major Infrastructure as Code languages e.g. Terraform, Chef, Ansible, CloudFormation etc.
• Ability to communicate effectively to different stakeholders (senior management, peers, junior colleagues, external teams using our platform);
• Knowledge of deploying applications using containers and/or Kubernetes
• Experience working in an Agile environment / with Agile development methodologies