Threat Hunting & Detection Engineer (U.S. Federal)

Workday Inc

McLean, VA, USA
Hybrid (at least 50% of the time in-office or with customers each quarter, with flexible scheduling)
Workday Inc is seeking a Threat Hunting & Detection Engineer to support U.S. Federal Government contracts, focusing on cybersecurity operations, detection engineering, and threat hunting within regulated cloud environments. The role requires expertise in Splunk, AWS security services, and compliance with FedRAMP and DoD IL5 frameworks.

Job Summary

  • This role supports U.S. Federal Government contracts requiring United States citizenship and advanced security clearances.
  • The engineer will design detection strategies for high-security FedRAMP High and IL5 cloud-native SaaS environments including air-gapped regions.
  • Workday offers a culture of integrity and empathy with competitive compensation ranging from $159,600 to $258,000 annually.

Salary

Base: $159,600 - $239,400 USD; Bonus/Equity: Eligible for Workday Bonus Plan and annual refresh stock grants; Benefits: Comprehensive benefits package described as linked

Skills & Requirements

Must-have

  • Splunk correlation searches and SPL development
  • FedRAMP High and DoD IL5 compliance experience
  • AWS security services (CloudTrail, GuardDuty, Inspector)
  • MITRE ATT&CK mapping and adversary tradecraft
  • NIST SP 800-61r3 incident response lifecycle

Nice-to-have

  • Hypothesis-driven threat hunting in SaaS architectures
  • Identity-based attack vector detection expertise
  • Container and workload-level attack detection
  • SOAR platform experience in constrained environments
  • Secure logging architecture in air-gapped settings

Key Requirements

  • 6+ years cybersecurity operations or detection engineering experience
  • Bachelor's degree in Cybersecurity, Computer Science, Engineering or equivalent
  • Active TS/SCI w/CI Poly security clearance preferred
  • Must be a United States citizen (naturalized or native)

Work Rights

Must have US citizenship (naturalized or native)
