Let’s get started
By clicking ‘Next’, I agree to the Terms of Service
and Privacy Policy, and consent to receive emails from Rise
Jobs / Job page
Sr Associate Cybersecurity Engineer - PenTest image - Rise Careers
Job details

Sr Associate Cybersecurity Engineer - PenTest

Your work days are brighter here.

At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.

At Workday, we value our candidates’ privacy and data security.  Workday will never ask candidates to apply to jobs through websites that are not Workday Careers. 

  

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

  

In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.

About the Team

Workday's PenTesting team is full of skilled cybersecurity engineers who are passionate about product security...and occasionally breaking things, so they can be fixed again! We are tasked with ensuring Workday's products, infrastructure, & internal applications are regularly assessed for security issues to the highest level.
We work alongside dedicated Workmates around the globe to conduct manual and automated PenTesting activities at all levels of the application stack. We also host Workday's external & internal bug bounty programs where we support our own developers and external researchers to uncover and responsibly disclose vulnerabilities across Workday.

About the Role

This exciting role would suit someone who is adventurous, early in their career, and looking for a new challenge. You can expect to conduct security assessments on Workday's public & private cloud infrastructure as well as Workday's products. If you are a passionate learner, an advocate for security, and are a highly skilled offensive security engineer, then this is the right job for you!

About You

You will be a great fit for this role if you have -

Basic Qualifications

  • 3+ years of progressive experience in a similar role

  • Led PenTests in one or more areas such as public cloud infrastructure (AWS, Google Cloud), modern web applications, enterprise network assessments, or API testing

  • A detailed understanding of modern security best practices such as OWASP Top 10 & MITRE ATT&CK framework

  • In-depth knowledge of networking & technology fundamentals and how to attack their weaknesses (TCP/IP stack, Linux, Docker, Kubernetes, Microservice architectures)

  • Proven track record with one or more scripting languages for automation (python, Go, Bash, Ruby, etc.)

Other Qualifications

  • One or more industry leading certification (OSCP, CRTE, CRTO, ARTE, CPTS, etc.)

  • A bonus is a track record of Bug Bounty submissions or independent research e.g. GitHub projects

  • Excellent written & verbal communication skills

  • The ability to triage findings and work on remediation plans with partner teams


Workday Pay Transparency Statement

The annualized base salary ranges for the primary location and any additional locations are listed below.  Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday’s comprehensive benefits, please click here.

Primary Location: USA.VA.McLean (Tyson's Corner)


 

Primary Location Base Pay Range: $105,000 USD - $157,500 USD


 

Additional US Location(s) Base Pay Range: $95,000 USD - $169,200 USD



Our Approach to Flexible Work
 

With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.

Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.

Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!

Workday Glassdoor Company Review
4.2 Glassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star icon Glassdoor star icon
Workday DE&I Review
No rating Glassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star icon
CEO of Workday
Workday CEO photo
Aneel Bhusri | Carl Eschenbach
Approve of CEO
by Workday on Glassdoor

Average salary estimate

$132100 / YEARLY (est.)
min
max
$95000K
$169200K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Sr Associate Cybersecurity Engineer - PenTest, Workday

Are you ready to take your career to new heights? As a Sr Associate Cybersecurity Engineer - PenTest at Workday, you’ll join a team that thrives on collaboration and innovation in the cybersecurity space. Picture this: You’ll be part of a dynamic PenTesting team that is deeply passionate about product security, and your role will revolve around conducting thorough security assessments for Workday's cutting-edge products and cloud infrastructure. If you revel in the challenge of finding vulnerabilities and enjoy working with a variety of talented individuals across the globe, this is the fit for you! You will leverage your experience, including leading PenTests in public cloud environments and analyzing modern web applications, to keep our software secure. You will also be involved in our internal and external bug bounty programs, assisting developers and external researchers in uncovering and responsibly disclosing vulnerabilities. Your expertise in modern security best practices such as the OWASP Top 10 will allow you to triage findings effectively and work on remediation plans. Joining Workday means you’re not just filling a position; you are becoming part of a vibrant culture that puts people first, fosters professional growth, and encourages you to let your true self shine. If you’re an early career adventurer eager to make an impact in cybersecurity, Workday wants to hear from you. Join us on this journey to ensure security and innovation go hand in hand!

Frequently Asked Questions (FAQs) for Sr Associate Cybersecurity Engineer - PenTest Role at Workday
What responsibilities does a Sr Associate Cybersecurity Engineer - PenTest at Workday have?

As a Sr Associate Cybersecurity Engineer - PenTest at Workday, you will conduct security assessments on both public and private cloud infrastructures as well as Workday's innovative products. This includes leading penetration tests in a variety of environments, participating in bug bounty programs, and collaborating with developers to analyze and fix vulnerabilities. Ensuring the highest level of security for all applications and infrastructure is a key part of your job.

Join Rise to see the full answer
What qualifications are required for the Sr Associate Cybersecurity Engineer - PenTest position at Workday?

To be considered for the Sr Associate Cybersecurity Engineer - PenTest role at Workday, candidates should have at least 3 years of progressive experience in a similar role, as well as expertise in PenTesting public cloud infrastructure like AWS or Google Cloud. A solid understanding of security frameworks, networking fundamentals, and scripting languages is also crucial. Certifications such as OSCP or CRTE can also help strengthen your application.

Join Rise to see the full answer
How does Workday support career development for Sr Associate Cybersecurity Engineers - PenTest?

At Workday, we believe in the growth and development of our Workmates. As a Sr Associate Cybersecurity Engineer - PenTest, you will have numerous opportunities for professional growth, including mentorship from experienced team members, access to cutting-edge training resources, and participation in global cybersecurity events and conferences. Your journey is important to us, and we’re committed to helping you shine!

Join Rise to see the full answer
What is the work culture like for a Sr Associate Cybersecurity Engineer - PenTest at Workday?

The work culture for a Sr Associate Cybersecurity Engineer - PenTest at Workday is vibrant and inclusive, emphasizing collaboration and open communication. Our team thrives on a mix of in-person connections and remote flexibility, allowing you to cultivate relationships while maintaining work-life balance. You'll be surrounded by passionate individuals who all share a common goal: to ensure the security and integrity of our products.

Join Rise to see the full answer
How can a candidate prepare for the Sr Associate Cybersecurity Engineer - PenTest interview at Workday?

Preparing for an interview as a Sr Associate Cybersecurity Engineer - PenTest at Workday involves brushing up on your technical skills, particularly in PenTesting methodologies and cloud infrastructures. Familiarize yourself with recent vulnerabilities and remediation strategies, and be ready to discuss your past experiences in detail. As communication is key, practice articulating your thoughts clearly and confidently, emphasizing your passion for cybersecurity.

Join Rise to see the full answer
Common Interview Questions for Sr Associate Cybersecurity Engineer - PenTest
Can you describe your experience with penetration testing in cloud environments?

Speak about specific projects where you conducted penetration tests in cloud environments like AWS or Google Cloud. Highlight the methodologies you used, the outcomes of your tests, and any vulnerabilities you discovered, as well as how you managed remediation efforts with developers.

Join Rise to see the full answer
What tools do you use for penetration testing, and why?

Discuss the various tools you're familiar with, such as Burp Suite, Metasploit, or Nessus. Explain why you prefer these tools, focusing on their advantages, capabilities, and any particular scenarios where they proved most effective in your testing.

Join Rise to see the full answer
How do you stay updated on the latest security vulnerabilities and trends?

Mention resources such as cybersecurity blogs, forums, podcasts, or security conferences that you follow. Discuss your approach to continuously improve your knowledge in the cybersecurity field and how you apply that knowledge to your work.

Join Rise to see the full answer
Have you ever found a critical vulnerability during a test? How did you report it?

Share a specific example of a critical vulnerability you identified, detailing the steps you took to report it. Emphasize the importance of clear communication with both technical and non-technical team members when disclosing findings.

Join Rise to see the full answer
Explain the OWASP Top 10 and its significance.

The OWASP Top 10 is a collection of the ten most critical security risks to web applications. Explain how each item poses a threat and how familiar you are with addressing these vulnerabilities in your testing processes.

Join Rise to see the full answer
What is your approach to remediation after finding vulnerabilities?

Discuss how you prioritize vulnerabilities based on risk and how you collaborate with developers to create actionable remediation plans. Highlight the importance of follow-up testing to ensure vulnerabilities have been effectively addressed.

Join Rise to see the full answer
Can you describe a time when you had to communicate a security issue to a non-technical audience?

Provide a specific instance where you had to explain a security issue clearly to a non-technical audience. Focus on your approach to simplifying complex information and ensuring they understood the implications and necessary actions.

Join Rise to see the full answer
What scripting languages are you familiar with for automation in penetration testing?

List the scripting languages you use, such as Python or Bash, and give an example of how you've utilized them in your testing processes to automate tasks or analyze results more efficiently.

Join Rise to see the full answer
Discuss your experience with bug bounty programs.

Share any participation in bug bounty programs, whether as a tester or a researcher. Highlight the findings you submitted, their impact, and how such experiences have sharpened your skills and contributed to your professional growth.

Join Rise to see the full answer
What kind of security assessments do you believe are essential for a modern application?

Discuss various types of security assessments like application security testing, API security testing, and cloud infrastructure assessments. Explain why each is crucial in securing modern applications and how you incorporate these practices in your work.

Join Rise to see the full answer
Similar Jobs
Photo of the Rise User
Workday Remote United Kingdom, London
VIEW
Posted 9 days ago

Join Workday as a Senior Customer Success Manager and play a key role in delivering exceptional experiences to customers throughout their journey with our software solutions.

Photo of the Rise User
Workday Remote USA, GA, Atlanta
VIEW
Posted 9 days ago

Join Workday as an Account Executive to drive revenue growth through consultative selling and deep customer relationships.

Photo of the Rise User
Truist Hybrid Charlotte, NC
VIEW
Posted 6 days ago

Join Truist as an IT Capacity Management Leader to oversee and optimize technology resource allocation and capacity planning.

B
Big Ideas Educational Services Hybrid Miramar, FL
VIEW
Posted 13 days ago

Join Big Ideas Educational Services as a Part-Time IT Specialist to maintain and enhance our technology systems supporting educational programming.

Photo of the Rise User
City of New York Hybrid New York City, NY
VIEW
Posted 11 days ago

As a Kronos Technical Lead for NYCHA, you'll oversee the support team and architect optimal solutions for time and attendance projects.

Photo of the Rise User
American Express Remote New York, New York, United States
VIEW
Posted 3 days ago
Badge Family Friendly Badge Office Vibes
Inclusive & Diverse
Empathetic
Collaboration over Competition
Growth & Learning
Transparent & Candid
Medical Insurance
Dental Insurance
Mental Health Resources
Life insurance
Disability Insurance
Child Care stipend
Employee Resource Groups
Learning & Development

Join American Express as a Senior Manager in Privacy Control Framework and contribute to enhancing privacy compliance and risk management.

Photo of the Rise User
TransUnion Remote Lagunilla de Heredia
VIEW
Posted 14 days ago

Join TransUnion's Cyber Defense team as a Senior Analyst to enhance security monitoring and incident response capabilities.

U
UNAVAILABLE Remote Seattle
VIEW
Posted 4 days ago

Join Fred Hutchinson Cancer Center as a Systems Engineer IV, where you'll manage infrastructure systems and lead technical projects in a pioneering research institution.

Photo of the Rise User
Access Softek Remote Remote
VIEW
Posted 9 days ago

Join Access Softek as a Junior Mobile/Web Penetration Tester to revolutionize digital banking security through innovative technology.

Photo of the Rise User
Visa Inc. Remote Ashburn, VA
VIEW
Posted 5 days ago

Be part of Visa's mission to secure digital payments as a Senior Cybersecurity Engineer focused on endpoint security solutions.

Photo of the Rise User
Upwork Remote Anywhere
VIEW
Posted 11 months ago
T
The House Of Mercier Remote No location specified
VIEW
Posted 5 months ago
Photo of the Rise User
Live Chat Careers Remote Anywhere
VIEW
Posted 2 days ago
Photo of the Rise User
IntellaTriage Remote No location specified
VIEW
Posted 9 months ago
Photo of the Rise User
Amazon Remote Anywhere
VIEW
Posted 11 months ago
Inclusive & Diverse
Rise from Within
Mission Driven
Diversity of Opinions
Work/Life Harmony
Transparent & Candid
Growth & Learning
Fast-Paced
Collaboration over Competition
Take Risks
Friends Outside of Work
Passion for Exploration
Customer-Centric
Reward & Recognition
Feedback Forward
Rapid Growth
Medical Insurance
Paid Time-Off
Maternity Leave
Mental Health Resources
Equity
Paternity Leave
Fully Distributed
Flex-Friendly
Some Meals Provided
Snacks
Social Gatherings
Pet Friendly
Company Retreats
Dental Insurance
Life insurance
Health Savings Account (HSA)
Photo of the Rise User Workday

Workday brings finance, HR, and planning into one system, making it possible for enterprises of all sizes to shed their disparate systems and build better businesses. We serve over 7,900 of the world’s largest companies, educational institutions, ...

291 jobs
MATCH
Calculating your matching score...
FUNDING
DEPARTMENTS
SENIORITY LEVEL REQUIREMENT
INDUSTRY
TEAM SIZE
HQ LOCATION
EMPLOYMENT TYPE
Full-time, hybrid
DATE POSTED
April 22, 2025

Subscribe to Rise newsletter

Risa star 🔮 Hi, I'm Risa! Your AI
Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!
Show me relevant jobs ASK RISA ✨
LATEST ACTIVITY
Photo of the Rise User
500+ people applied to Threat Intelligence Analyst (US Remote Available) - 30603 at Splunk
Photo of the Rise User
10 people applied to IT Help Desk Agent (Remote) at Vaco LLC
F
15 people applied to Information Technology Intern - Summer 2025 at Flextronics
Photo of the Rise User
Someone from OH, Marysville just viewed Security Specialist at Anduril Industries
Photo of the Rise User
Someone from OH, Cincinnati just viewed Learning Content Designer at QuantHub
Photo of the Rise User
Someone from OH, Tallmadge just viewed Manufacturing and Process Engineer at CVRx
Q
Someone from OH, Columbus just viewed Part-Time Medical Assistant at QualDerm Partners
Photo of the Rise User
Someone from OH, Dayton just viewed Sales and Training Manager - Mercedes Benz of Nashville at Sonic Automotive
ABOUT RISE
FOR COMPANIES
REMOTE JOBS & MORE
LOOKING FOR A JOB?
FIND A JOB NEAR ME
POPULAR JOBS
Rise logo
Privacy Policy and Terms of Service
© 2021 Work Rise LLC. All rights reserved.
Proudly made in NYC.
CONNECT
Facebook Instagram LinkedIn Tiktok