Your work days are brighter here.At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.About the TeamThe Workday Pentest Team is an internal team of hackers dedicated to improving the security posture of Workday and solidifying customers’ trust by identifying security gaps and risks, performing proactive research, enhancing our defense strategies, and developing tools. It's fun to work in a company where people truly believe in what they're doing. At Workday, we're committed to bringing passion and customer focus to the business of enterprise applications. We work hard, and we're serious about what we do. But we like to have a good time, too. In fact, we run our company with that principle in mind every day: One of our core values is fun.About the RoleAs a Sr. Cybersecurity Engineer, you will be part of an elite team of security professionals and ethical hackers with deep experience in security engineering. The Workday Pentest Team is looking for a seasoned penetration tester to help us perform security assessments and scale security at Workday. On our team, you will be performing vulnerability assessments against Workday applications, services, and networks, as well as developing security automation and tools. You will be researching new threats and executing creative exploits. We need a security engineer with at least 6 years of industry experience who can independently perform vulnerability testing with a high degree of accuracy, develop security threat models, and review network architectures and data flows for potential security risks. An in-depth knowledge of security issues (e.g. OWASP Top 10 as well as latest vulnerabilities) is required.About YouBasic Qualifications5+ years experience in performing penetration tests and/or vulnerability assessments on web, mobile applications and networks.Experience with security tools like Metasploit, Cobalt Strike, NMAP, Qualys etc.Experience with Web Proxy such as BurpSuite, Zap or othersDevelopment/scripting/automation experience in Java , Javascript, Python , Go, Bash.Other QualificationsBachelor’s in computer science, information security, or equivalent work experienceExperience performing security compliance assessments such as PCI. Experience administering bug bounty program and work with the engineering teams for remediation.Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SSH, TLS, routing protocols)Passion to track the latest developments in vulnerability research and evaluate security impact.Experience with Red Team/Adversarial emulationsContributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.OSCP industry certification (or similar) is highly desired.Experience working with teams in multiple geographical locationsAs a federal contractor, Workday is requiring all new hires to verify that they are fully-vaccinated against COVID-19 within 72 hours of beginning employment with Workday, consistent with applicable law. Workday is an equal opportunity employer. Candidates who are not vaccinated due to a sincerely held religious belief, medical reasons, or other legally-protected reason should contact accommodations@workday.com to explore what, if any, reasonable accommodations or exemptions Workday is able to offer.Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
View Original Job Posting