Threat Hunting & Detection Engineer (US Federal)

Workday

McLean, VA, USA
Hybrid (minimum of 50% in-office time each quarter)
Workday is seeking a Threat Hunting & Detection Engineer to support U.S. Federal Government contracts. The role involves developing detection strategies and improving security posture across regulated cloud environments, specifically focusing on high-security SaaS environments.

Job Summary

  • This role supports U.S. Federal Government contracts requiring United States citizenship and involves protecting enterprise and government SaaS environments.
  • The engineer is responsible for engineering high-fidelity detection logic using Splunk and cloud-native telemetry to reduce adversary dwell time.
  • Workday offers a base salary range of $159,600 to $239,400 USD for the primary location ($144,400 to $258,000 USD for additional locations), along with a hybrid arrangement requiring at least 50% in-office time each quarter.


Salary

Base: $159,600 - $239,400 USD primary; $144,400 - $258,000 USD additional locations; Bonus/Equity: Eligible for Workday Bonus Plan and annual refresh stock grants

Skills & Requirements

Must-have

  • Splunk correlation searches and SPL development
  • AWS CloudTrail, GuardDuty, Inspector, and VPC Flow Logs
  • FedRAMP High and DoD IL5 regulatory compliance
  • MITRE ATT&CK mapping and adversary tradecraft
  • NIST SP 800-61r3 incident response lifecycle

Nice-to-have

  • Hypothesis-driven threat hunting in SaaS architectures
  • Identity-based attack vector detection expertise
  • Container and workload-level attack detection
  • SOAR platform experience in constrained environments
  • Secure logging architecture in air-gapped settings

Key Requirements

  • 6+ years cybersecurity operations or detection engineering experience
  • Bachelor's degree in Cybersecurity, Computer Science, Engineering or equivalent
  • Ability to obtain and maintain a TS/SCI security clearance with CI polygraph
  • Must be a United States citizen (naturalized or native-born)

Work Rights

Must have US citizenship