Senior Security Operations Engineer
Remote - IA
As a Senior Security Operations Engineer at Workiva, you will play a crucial role in protecting our SaaS platform and data across cloud environments such as AWS, Azure, and GCP. The Security Operations team is dedicated to continuously monitoring, detecting, and responding to security incidents throughout our infrastructure. You will use tools like Splunk SIEM to investigate and validate incidents to ensure a swift and effective response to potential threats.
With a focus on proactive security, you will engage in threat-hunting activities, develop new alerts for emerging threats, and update existing alerting mechanisms. You will work independently while receiving mentorship from senior staff members to enhance current security practices and mitigate risks. Although this position does not involve formal management responsibilities, you will have opportunities to mentor interns and core engineers as well.
What You’ll Do
Develop and implement Security Operations Center (SOC) procedures and protocols to ensure clear remedial action plans and situational awareness
Coordinate responses to incidents, including ransomware, host compromise, credential and account compromise, phishing, internal threats, third-party risks, and information spillage while collaborating closely with information security leadership, business stakeholders, and the response team
Participate in incident response tabletop exercises to identify gaps, enhance skills, and engage stakeholders; review technical reports from vulnerability and penetration testing assessments to identify potential exposure to future incidents
Refine, recommend, and maintain playbooks, policies, procedures, and guidelines, ensuring alignment with industry best practices
Demonstrate creativity and initiative by actively pursuing new knowledge, ensuring a comprehensive understanding, and proactively driving incident response efforts forward
Ensure that implemented security controls are effective and maintained to support performance, scalability, and stability
Independently address technical and business risks across various hosting environments
Prioritize areas for improvement and provide recommendations for remediating identified issues
Conduct technical and analytical assessments and communicate effectively with both technical and non-technical colleagues
Emphasize factual and data-driven assessments, avoiding reliance on fear or assumptions
What You'll Need
Recommended Qualifications
Undergraduate degree in Computer Science, Information Technology, or related experience
2+ years working within a Security Operations Center or equivalent experience
Preferred Qualifications
Background in incident response management, digital forensics, and hands-on application of security principles and technologies
Proven track record with Splunk SIEM and/or SOAR tools, with the ability to develop and implement robust playbooks and procedures
Experience with major cloud platforms, including AWS, Azure, and/or Google Cloud
Strong working knowledge of Linux, macOS, and Windows
Specialization in at least one SOC core area: digital or network forensics, incident response, malware analysis, threat intelligence, vulnerability management, or another security-focused area
Interest in or experience with systems languages, such as Python, Java, or Go
Excellent verbal, written, and interpersonal communication skills
Self-driven professional with a results-oriented approach and commitment to continuous improvement
Adaptable to thrive in a high-energy, fast-paced environment characterized by rapid change and evolving priorities
Exceptional organizational and critical thinking skills, with the capacity to manage multiple processes, programs, and procedures concurrently while meeting deadlines under pressure
Travel Requirements & Working Conditions
Willingness to travel up to 10% for team and corporate meetings, fostering relationships and representing company interests
Reliable internet access for any period of time working remotely, as we embrace flexible work arrangements
How You’ll Be Rewarded
✅ Salary range in the US: $102,000.00 - $173,000.00
✅ A discretionary bonus typically paid annually
✅ Restricted Stock Units granted at time of hire
✅ 401(k) match and comprehensive employee benefits package
The salary range represents the low and high end of the salary range for this job in the US. Minimums and maximums may vary based on location. The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and other relevant factors.
Workiva is an Equal Employment Opportunity and Affirmative Action Employer. We believe that great minds think differently. We value diversity of backgrounds, beliefs, and interests, and we recognize diversity as an important source of intellectual thought, varied perspective, and innovation. Employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other protected characteristic. We strongly encourage and welcome people from historically marginalized groups to apply.
Workiva is committed to working with and providing reasonable accommodations to applicants with disabilities. To request assistance with the application process, please email talentacquisition@workiva.com.
Workiva employees are required to undergo comprehensive security and privacy training tailored to their roles, ensuring adherence to company policies and regulatory standards.
Workiva supports employees in working where they work best - either from an office or remotely from any location within their country of employment.