Posted 3 weeks ago
Sr Cybersecurity Engineer
at Workday
Auckland, New Zealand
Hybrid
Responsibilities
- Lead and coordinate technical investigations for all‑severity security incidents (e.g., endpoint compromise, account takeover, data exfiltration, insider threat).
- Conduct hypothesis‑driven threat hunting using available telemetry to identify previously undetected malicious activity.
- Design and implement improvements to IR tooling, including SOAR workflows, custom scripts, and integrations that reduce mean time to detect/respond; identify automation opportunities and areas where artificial intelligence can be leveraged for enhancement.
- Mentor and coach junior team members, sharing best practices and driving a culture of learning and operational excellence.
Requirements
- We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most.
- Consequently, we are committed to the continuous advancement of our investigative methodologies across the domains of incident response, digital forensics (DFIR), threat hunting, security automation, and data loss prevention, while integrating artificial intelligence into our operational workflows.
- This is a highly technical role with the understanding that you are already conversant in incident response, security automation, system security, network security, threat hunting, digital forensics, and artificial intelligence.
- We offer a hybrid/flexible schedule for employees.
About You
Basic
- experience as a security engineer/analyst in related domains
- Bachelor’s Degree or equivalent experience
Other Qualifications
- Other relevant certification/s and training (e.g.
- Solid understanding of common attacker techniques and the threat landscape (e.g., MITRE ATT&CK, phishing, credential theft, lateral movement, data exfiltration).
- Deep hands‑on experience with security monitoring and incident response across cloud and/or hybrid environments (e.g., AWS, Azure, GCP, SaaS platforms).
- Python, Ruby and other scripting languages is essential, as is a strong understanding of Linux/OSX and Windows.
- Demonstrated capability to oversee multiple complex projects and competing priorities effectively while fulfilling core operational obligations.