Workday

Security Engineer - Insider Threat

Workday$152K — $228K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years' experience in insider threat investigations, counterintelligence, or related fields.
  • Bachelor's degree in Criminal Justice, Cybersecurity, Intelligence Studies, Law, or a similar area.
  • Proven experience leading insider threat programs and complex investigations in government or corporate settings.
  • Proficient with SIEM platforms and UEBA tools, capable of executing queries and interpreting analytics.
  • Knowledgeable in DLP tools and digital forensic concepts.
  • Understanding of industry standards like CERT, CISA, and NTTF on threat assessments.
  • Strong interpersonal skills; able to communicate effectively on sensitive issues with various stakeholders.

Responsibilities

  • Lead end-to-end insider threat investigations from detection through resolution.
  • Collaborate with Security Incident Response and Cyber Incident Management teams on enterprise threats.
  • Conduct interviews with subjects, witnesses, and stakeholders as part of investigations.
  • Manage document review and preservation in line with company policies.
  • Execute investigative inquiries ensuring compliance with legal standards and best practices.
  • Establish procedures for investigation processes and controls to mitigate insider risks.
  • Analyze digital evidence while adhering to chain of custody requirements.

Benefits

  • Flexible work schedule with an emphasis on in-person and remote collaboration.
  • Participation in the Workday Bonus Plan and potential role-specific incentives.
  • Access to annual stock grants as part of the total compensation package.
  • Comprehensive health and wellness benefits.
  • Opportunities for professional development and certifications.
Full Job Description
About the Role

We are seeking a Senior Insider Threat Investigator to join our Insider Threat organization to assist with monitoring, detecting, and mitigating insider risk. This role sits at the intersection of investigations, intelligence, and risk. You will help Workday identify patterns for detections and build out processes and controls to mitigate identified areas of opportunity. You will work closely with our Security Incident Response Team and Cyber Incident Management team to identify and mitigate enterprise threats to the confidentiality, integrity, and availability of Workday information systems and information.

We are looking for a seasoned investigator who brings deep expertise in insider threat, counterintelligence, or complex corporate investigations, paired with technical expertise to navigate UEBA/SIEM platforms, interpret digital evidence, and leverage open source intelligence.

This position will lead and conduct end-to-end insider threat investigations, spanning initial detection to triage and through resolution and closeout. This will involve interviewing subjects, witnesses, and stakeholders; manage document review and preservation; and execute investigative inquiries in alignment with company policies, establish investigative procedures, and law. The Insider Threat program coordinates with SIRT, IT, and Legal to collect, preserve, and analyze digital evidence in accordance with chain of custody requirements, industry best practices and legal hold requirements.

About You

Basic Qualifications
  • 8+ years of progressive experience in insider threat investigations, counterintelligence, corporate investigations, incident response, intelligence analysis, or closely related discipline.
  • Bachelor's degree in Criminal justice, Cybersecurity, Intelligence Studies, Law, or closely related field.
  • Demonstrated track record leading or materially contributing to insider threat programs and complex, sensitive, cross-functional investigations in a government, corporate, or law enforcement environment.
  • Functional proficiency with SIEM platforms (e.g., Splunk, QRadar, Sentinel) and UEBA tools (e.g., Exabeam, Proofpoint, DTEX, Purview); able to construct and execute queries, triage and prioritize alerts, and interpret behavioral analytics outputs.
  • Working knowledge of DLP tools, endpoint detection, and digital forensic concepts.
  • Familiarity with Insider threat framework, threat assessment principles, including CERT, CISA, and NTTF standards.
  • Strong interpersonal and communication skills; able to operate with discretion and credibility across Legal, P&P, and executive stakeholder groups on sensitive matters.
  • Sound judgment and integrity; able to navigate ambiguous situations, manage competing priorities, and make defensible decisions under pressure.


Other Qualifications
  • Background in federal law enforcement (FBI, NCIS, AFOSI, ACIC), the U.S. Intelligence Community, U.S. military or government intelligence, federal insider threat programs, and cybersecurity.
  • Experience building or maturing a formal insider threat program, including development of investigation processes, detection logic, and governance and documentation.
  • Experience with case management platforms and maintaining investigation documentation.
  • Exposure to behavioral threat assessment and threat management programs; participation in industry working groups and forums.
  • CERT Insider Threat Program Manager (ITPM), Global Counter-Insider Threat Professional (GCITP), Certified Counter-Insider Threat Professional - F/A(CCITP), Certified Protection Professional (CPP) Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Certifications, GIAC certification, Certified Fraud Examiner (CFE)


Workday Pay Transparency Statement

The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate's compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday's comprehensive benefits, please click here.

Primary Location: USA.GA.Atlanta

Primary Location Base Pay Range: $152,000 USD - $228,000 USD

Additional US Location(s) Base Pay Range: $144,400 USD - $258,000 USD

Additional Considerations:

If performed in Colorado, the pay range for this job is $152,000 - $228,000 USD based on min and max pay range for that role if performed in CO.

The application deadline for this role is the same as the posting end date stated as below:

07/25/2026

Our Approach to Flexible Work

With Flex Work, we're combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

About Workday

Workday, Inc. is a provider of enterprise cloud applications for finance and human resources. The Company delivers financial management, human capital management and analytics applications designed for various companies, educational institutions and government agencies. As part of its applications, the Company provides embedded analytics that capture the content and context of everyday business events, facilitating informed decision-making from wherever users are working. Its applications include Workday Financial Management, Workday Human Capital Management (HCM) and Other Applications. It also provides open, standards-based Web-services application programming interfaces, and pre-built packaged integrations and connectors. Workday, Inc. is headquartered in Pleasanton, California.
Learn more about Workday
Size
15,932 employees
Market Cap
$42.2 billion
Industry
Net Income
-$282.4 million
Founded
2005
5 Year Trend
+26.7%
Revenue
$4.3 billion
NASDAQ

Similar Jobs

More Jobs at Workday

More Information Technology Jobs

Find similar Security Engineer - Insider Threat jobs: