About the Team

About the Role

As a Principal engineer, you will serve as the primary visionary for how our risk data is structured, analyzed, and automated, acting as the bridge between the Cybersecurity Risk organization and our Engineering teams.

About You

Basic Qualifications

9+ Years of Experience building custom GRC (Governance, Risk, and Compliance) platforms.

Software Engineering & Development: Demonstrable proficiency in Python, Go, or Java with a strong background in version control (Git), API design, and the ability to build complex PoCs for risk models.

Full-Lifecycle Engineering Governance: Proven mastery of the end-to-end SDLC, including the creation and oversight of comprehensive SRS documentation, Project Plans, and Product Backlogs to ensure architectural alignment from initial planning through to deployment and maintenance.

Architectural & Quality Standards: Validated expert ability to define System Architectures, Data Models (ERDs), and API specifications while enforcing rigorous QA standards through formalized Test Plans, automated Build Scripts, and Production Operations manuals.

Experience leading the technical roadmap for software engineering teams or data scientists without direct reporting authority (e.g., Lead, Principal, or Staff level experience).

Technical Influence: Data & Automation Engineering: Verifiable proficiency in data pipeline logic, ELT/ETL processes, and data quality assurance, specifically as they apply to automating security telemetry.

Other Qualifications

Strategic Technical Translation: Architect high-level business and security "end-states" into sophisticated process designs and technical specifications. You will own the translation of risk philosophy into the logic used by our engineering squads.

Risk Domain Authority: Serve as the definitive Subject Matter Expert (SME) for defining risk metrics and calculation methodologies, specifically within:

Enterprise Risk (ERM): Designing and implementing data-driven risk frameworks (e.g., NIST, FAIR) through sophisticated automation.

Third-Party Risk (TPRM): Architecting systems for automated due diligence, continuous monitoring, and assessment scoring for our vendor ecosystem.

Cross-Functional Influence: Champion security risk automation across the organization, mentoring junior engineers and influencing stakeholders on best practices for data-driven risk modeling.

Essential Domain Knowledge

Mastery of Cybersecurity Risk: A proven track record of designing and implementing Enterprise and Third-Party Risk Management (TPRM) programs at scale.

Architectural Design: Demonstrated ability to take a blank slate and define complex security processes, translating them into technical user stories, functional specifications, and logic diagrams.

Advanced Risk Modeling: Expertise in quantitative risk analysis (e.g., Monte Carlo simulations or FAIR methodology) and how to programmatically apply these models to software.

Workday Pay Transparency Statement

The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidates compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workdays comprehensive benefits, please .

Our Approach to Flexible Work

With Flex Work, were combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means youll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.