Identity Security Engineer

Your work days are brighter here.

At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.

At Workday, we value our candidates’ privacy and data security.  Workday will never ask candidates to apply to jobs through websites that are not Workday Careers. 

  

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

  

In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.

About the Team

The Enterprise Identity team is passionate about securing Workday's identity landscape within our increasingly cloud-dependent environment. Our mission is to design and implement scalable identity security solutions that protect enterprise access, improve zero-trust strategies, and drive automation, compliance, and resilience. Our team specializes in the critical domains of non-human identity security (NHI) and identity threat protection (ITP)for the entire Workday organization. We are a collaborative and encouraging environment focused on proactively mitigating risks in these key areas, including the emerging landscape of Artificial Intelligence (AI).

About the Role

You will play a key role in the specialized areas of NHI security and ITP within Workday's evolving cloud environment, with a forward-looking perspective on the security implications of AI and Agentic AI. Your main focus will be on securing non-human entities, as well as implementing and managing solutions to proactively detect and respond to identity-based threats, including those potentially using or targeting AI agents. You will be instrumental in strengthening Workday's overall security posture and advancing our zero-trust initiatives in these critical domains, including but not limited to:

• Designing and implementing security frameworks and tools specifically for NHIs (e.g., service accounts, applications, APIs) within cloud and on-premise environments.

• Developing and deploying solutions for identity threat detection and response (ITDR) to proactively identify, analyze, and mitigate malicious activity targeting both human and non-human identities, including novel threats potentially involving AI agents.

• Architecting and maintaining secure AuthN (authentication) and AuthZ (authorization) mechanisms for non-human entities, ensuring least privilege and secure access to resources across diverse systems.

• Driving initiatives to implement just-in-time (JIT) access and eliminate standing privileges for machine identities, using ephemeral credentials where feasible.

• Developing and maintaining comprehensive documentation, including security policies, standards, procedures, and architectural diagrams.

• Contributing to the automation of security controls, provisioning processes, and threat response workflows for NHIs, exploring opportunities maximise AI and automation for enhanced security.

• Staying up-to-date with the latest threats, vulnerabilities, and standard processes related to NHI security, ITDR, cloud security, and the emerging AI landscape.

• Collaborating with multi-functional teams, including Business Technology, Product & Technology, Cyber Defense, and Infrastructure Engineering, to integrate security standard methodologies for non-human identities into applications, infrastructure as code (IaC), and cloud service deployments, as well as on broader related projects and initiatives.

• Partnering with Governance, Risk & Compliance and audit team members to ensure identity controls meet regulatory and compliance requirements (e.g., SOX, ISO 27001, NIST).

About You

Basic Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.

• Experience in Identity and Access Management (IAM), API security, and security automation within cloud-native and hybrid environments is highly desirable.

• Solid understanding of security principles and standard methodologies, with a deep focus on IAM concepts.

Other Qualifications:

• Demonstrated knowledge and experience in one or more of the following areas:

  • Non-Human Identity Management (e.g. secrets management, API security, application identity management).

  • ITDR tools and techniques (e.g., anomaly detection, behavioral analytics).

  • Cloud IAM services (e.g., AWS IAM, Azure AD, GCP IAM).

  • Authentication and authorization protocols (e.g., OAuth 2.0, SAML, Kerberos).

  • Awareness of risks associated with LLM-based applications (e.g., secret leaks, identity impersonation, agent-to-agent chaining vulnerabilities).

  • IaC security considerations for identity management.

• Familiarity with Zero Trust security principles.

• Experience with security tools and technologies relevant to the specialisation (e.g., CI/CD, AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, Okta Workflows, SIEM/SOAR platforms etc.).

• Strong analytical and problem-solving skills, with the ability to investigate and resolve complex security issues related to identity.

• Superb communication and collaboration abilities, with the capacity to explain technical concepts to both technical and non-technical audiences.

• Ability to work independently, run multiple tasks effectively, and prioritize in a dynamic environment.

• Experience with scripting languages (e.g., Python, PowerShell) for automation and analysis.

• Relevant security certifications (e.g., CISSP, Security+, CySA+, CEH, AWS/Azure Security certifications, vendor-specific IAM certifications) are a plus, as is any foundational knowledge of identity security principles.

• Experience contributing to open-source or internal tools, or publishing content (e.g., blogs, talks, or research) that advance identity security especially in areas like automation, observability, non-human identities (NHIs), or AI-related risks.

Our Approach to Flexible Work
 

With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!