Workday

Principal Threat Detection Engineer

Ireland, Dublin Full Time

Your work days are brighter here.

We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.

About the Team

Workday's Detection Engineering team operates on a "detections-as-code" philosophy. We are a team of dedicated engineers whose core mission is to generate high-fidelity, noteworthy alerts by developing and maintaining a full portfolio of security engineering projects.

Our work extends beyond writing high-efficacy detections; we are a multi-project engineering team that also builds and maintains automation frameworks, foundational data pipelines for alert enrichment and suppression, and innovative AI agents to assist with security tasks. We manage the full lifecycle of our security products as production code, shipping our work through a robust CI/CD pipeline.

About the Role

As a Principal Threat Detection Engineer, you will be the most senior technical member of the team and the engineering anchor for our Dublin presence. You will be a force multiplier, setting the technical direction for our most complex initiatives and mentoring other engineers.

This role is ideal for a candidate with a strong software engineering background who has applied those skills to the cybersecurity domain.

What you'll do:

  • Lead Platform Architecture & "Detections-as-Code" Strategy: Design foundational, scalable workflow patterns for integrating security tools (CSPM, EDR, DLP, etc.) and architect solutions for complex, restricted environments. You will own the "detections-as-code" strategy, which covers the full detection lifecycle: identifying detection coverage needs, implementation, testing, production deployment, ongoing tuning, and coverage reporting. You will also lead the migration and modernization of critical CI/CD infrastructure, build comprehensive platform monitoring, and create integrated tools to visualize our defense posture.

  • Spearhead Advanced Detection Strategy: Pioneer the next generation of our detection capabilities. You will lead the advancement of our detection strategies, driving the production-readiness of Risk-Based Alerting (RBA) and applying advanced statistical and machine learning techniques (anomaly detection, classification, clustering) to our data.

  • Drive Alert Fidelity & Partner with SIRT: Act as a key technical partner to our Incident Response team (SIRT). You will lead deep, data-driven analysis of alert closure and fidelity data (TP/FP/NM) to identify systemic noise patterns and drive the engineering effort to remediate them, measurably improving the quality of our alert stream.

  • Mentor and Develop Talent: Act as a primary technical mentor for other engineers and interns. You will guide them in engineering best practices, perform deep code reviews, and be directly responsible for fostering team growth, knowledge sharing, and accelerating new hire onboarding.

  • Be a Prolific Detection Creator & Researcher: Lead proactive threat research by evaluating open-source detections and translating complex threat intelligence (e.g., nation-state TTPs) into high-efficacy, production-ready detections. We expect you to personally contribute a significant portion of the team's most critical and innovative detection rules.

About You

Basic Qualifications

  • 8+ years of experience in Detection Engineering, Cybersecurity, or a related SRE/DevOps role with a security focus.

  • 5+ years of expert-level, hands-on experience with Python (or a similar high-level language) used specifically for automation, data manipulation, and systems development.

  • Expert-level knowledge of large-scale SIEM platforms (e.g., Splunk, Elasticsearch), including deep query language expertise, data modeling, and performance optimization.

  • Demonstrable experience designing, building, and maintaining CI/CD pipelines and a "detections-as-code" or "infrastructure-as-code" workflow.

  • Deep expertise in public cloud security (AWS, GCP), including their native logging services and security architectures.

  • BS or MS degree in Computer Science, Engineering, or equivalent practical experience.

Other Qualifications

  • Proven, hands-on experience developing, testing, and responding to a wide range of threat actor TTPs and applying that knowledge to strategic detection development, threat hunting, and gap analysis.

  • Significant experience with the data and detection capabilities of modern security tools, such as EDR, CSPM, IDP, and Network Security platforms.

  • A proven track record of formally or informally mentoring junior- and mid-level engineers.

  • Experience in applying statistical analysis, machine learning, or Risk-Based Alerting (RBA) to solve detection problems.

  • Strong understanding of containerization and orchestration (Docker, Kubernetes) and their security considerations.

  • A proactive, solution-oriented mindset with a history of identifying a problem, designing an automated solution, and shipping production-quality code.



Our Approach to Flexible Work
 

With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!

At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.