About the RoleWe are seeking a Senior Insider Threat Investigator to join our Insider Threat organization to assist with monitoring, detecting, and mitigating insider risk. This role sits at the intersection of investigations, intelligence, and risk. You will help Workday identify patterns for detections and build out processes and controls to mitigate identified areas of opportunity. You will work closely with our Security Incident Response Team and Cyber Incident Management team to identify and mitigate enterprise threats to the confidentiality, integrity, and availability of Workday information systems and information.
We are looking for a seasoned investigator who brings deep expertise in insider threat, counterintelligence, or complex corporate investigations, paired with technical expertise to navigate UEBA/SIEM platforms, interpret digital evidence, and leverage open source intelligence.
This position will lead and conduct end-to-end insider threat investigations, spanning initial detection to triage and through resolution and closeout. This will involve interviewing subjects, witnesses, and stakeholders; manage document review and preservation; and execute investigative inquiries in alignment with company policies, establish investigative procedures, and law. The Insider Threat program coordinates with SIRT, IT, and Legal to collect, preserve, and analyze digital evidence in accordance with chain of custody requirements, industry best practices and legal hold requirements.
About YouBasic Qualifications
- 8+ years of progressive experience in insider threat investigations, counterintelligence, corporate investigations, incident response, intelligence analysis, or closely related discipline.
- Bachelor's degree in Criminal justice, Cybersecurity, Intelligence Studies, Law, or closely related field.
- Demonstrated track record leading or materially contributing to insider threat programs and complex, sensitive, cross-functional investigations in a government, corporate, or law enforcement environment.
- Functional proficiency with SIEM platforms (e.g., Splunk, QRadar, Sentinel) and UEBA tools (e.g., Exabeam, Proofpoint, DTEX, Purview); able to construct and execute queries, triage and prioritize alerts, and interpret behavioral analytics outputs.
- Working knowledge of DLP tools, endpoint detection, and digital forensic concepts.
- Familiarity with Insider threat framework, threat assessment principles, including CERT, CISA, and NTTF standards.
- Strong interpersonal and communication skills; able to operate with discretion and credibility across Legal, P&P, and executive stakeholder groups on sensitive matters.
- Sound judgment and integrity; able to navigate ambiguous situations, manage competing priorities, and make defensible decisions under pressure.
Other Qualifications
- Background in federal law enforcement (FBI, NCIS, AFOSI, ACIC), the U.S. Intelligence Community, U.S. military or government intelligence, federal insider threat programs, and cybersecurity.
- Experience building or maturing a formal insider threat program, including development of investigation processes, detection logic, and governance and documentation.
- Experience with case management platforms and maintaining investigation documentation.
- Exposure to behavioral threat assessment and threat management programs; participation in industry working groups and forums.
- CERT Insider Threat Program Manager (ITPM), Global Counter-Insider Threat Professional (GCITP), Certified Counter-Insider Threat Professional - F/A(CCITP), Certified Protection Professional (CPP) Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Certifications, GIAC certification, Certified Fraud Examiner (CFE)
Workday Pay Transparency StatementThe annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate's compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday's comprehensive benefits, please click here.
Primary Location: USA.GA.Atlanta
Primary Location Base Pay Range: $152,000 USD - $228,000 USD
Additional US Location(s) Base Pay Range: $144,400 USD - $258,000 USD
Additional Considerations:
If performed in Colorado, the pay range for this job is $152,000 - $228,000 USD based on min and max pay range for that role if performed in CO.
The application deadline for this role is the same as the posting end date stated as below:
07/25/2026
Our Approach to Flexible WorkWith Flex Work, we're combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply
spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.