Principal Software Development Engineer (Cybersecurity Risk & Automation)

Your work days are brighter here.

We're obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we're shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you'll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We're in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you'll do meaningful work with Workmates who've got your back. In return, we'll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you've found a match in Workday, and we hope to be a match for you too.

About the Team

We are seeking a highly skilled Principal cybersecurity engineer to architect the development of our internal suite of Cybersecurity Risk Management and Automation tools. This role requires a rare blend of deep domain expertise in security risk and the technical ability to bridge the gap between high-level strategy and robust software execution.
As a Principle engineer, you will serve as the primary visionary for how our risk data is structured, analyzed, and automated, acting as the bridge between the Cybersecurity Risk organization and our Engineering teams.

About the Role

As a Principal Software Development Engineer you will serve as the primary visionary for how our risk data is structured, analysed, and automated, acting as the bridge between the Cybersecurity Risk organization and our Engineering teams.

About You

Must Have Qualifications :-

• 9+ Years of Experience building custom GRC (Governance, Risk, and Compliance) platforms.

• Software Engineering & Development: Proficient in Python, Go, or Java with a strong background in version control (Git), API design, and the ability to build complex PoCs for risk models.

• Full-Lifecycle Engineering Governance: Mastery of the end-to-end SDLC, including the creation and oversight of comprehensive SRS documentation, Project Plans, and Product Backlogs to ensure architectural alignment from initial planning through to deployment and maintenance.

• Architectural & Quality Standards: Expert ability to define System Architectures, Data Models (ERDs), and API specifications while enforcing rigorous QA standards through formalized Test Plans, automated Build Scripts, and Production Operations manuals.

• Experience leading the technical roadmap for software engineering teams or data scientists without direct reporting authority (e.g., Lead, Principal, or Staff level experience).

• Technical Influence: Data & Automation Engineering: High proficiency in data pipeline logic, ELT/ETL processes, and data quality assurance, specifically as they apply to automating security telemetry.

Good To Have :-

• Strategic Technical Translation: Architect high-level business and security end-states into sophisticated process designs and technical specifications. You will own the translation of risk philosophy into the logic used by our engineering squads.

• Risk Domain Authority: Serve as the definitive Subject Matter Expert (SME) for defining risk metrics and calculation methodologies, specifically within:

• Enterprise Risk (ERM): Designing and implementing data-driven risk frameworks (e.g., NIST, FAIR) through sophisticated automation.

• Third-Party Risk (TPRM): Architecting systems for automated due diligence, continuous monitoring, and assessment scoring for our vendor ecosystem.

• Cross-Functional Influence: Champion security risk automation across the organization, mentoring junior engineers and influencing stakeholders on best practices for data-driven risk modeling.

Essential Domain Qualifications

• Mastery of Cybersecurity Risk: A proven track record of designing and implementing Enterprise and Third-Party Risk Management (TPRM) programs at scale.

• Architectural Design: Demonstrated ability to take a blank slate and define complex security processes, translating them into technical user stories, functional specifications, and logic diagrams.

• Advanced Risk Modeling: Expertise in quantitative risk analysis (e.g., Monte Carlo simulations or FAIR methodology) and how to programmatically apply these models to software.

Our Approach to Flexible Work

With Flex Work, we're combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote home office roles also have the opportunity to come together in our offices for important moments that matter.

At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email .

Are you being referred to one of our roles If so, ask your connection at Workday about our Employee Referral process!

At Workday, we value our candidates privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.