Job Specifications
Your work days are brighter here.
At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That's why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don't need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.
At Workday, we value our candidates' privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.
About The Team
The Evisort Security team is expanding and looking for a DevSecOps engineer to join our AI Security team.
We're a hands-on security engineering team focused on enabling secure development across the stack. From supporting developers with bug bounty triage to securing our AI agent infrastructure, we embed security into every phase of the SDLC. Our work spans cloud security, application security, CI/CD hardening, runtime security, and ensuring alignment with compliance frameworks like SOC 2 and ISO 27001. We partner closely with engineering to drive practical, scalable security solutions that support rapid innovation. As a DevSecOps engineer, you will work closely with DevOps, Security, and Development teams to ensure security is baked into our systems.
About The Role
What will you be doing?
Integrate security at every stage of the software development lifecycle (SDLC) and deployment pipelines.
Partner with engineering and platform teams to implement security-by-design and shift-left security practices.
Drive the implementation and monitoring of Identity and Access Management (IAM) controls, with a focus on Okta integrations and best practices.
Build, deploy, and manage security tools and services. Design and implement scalable processes across Evisort's cloud services and infrastructure environments.
Lead and manage the end-to-end vulnerability management lifecycle, including discovery, assessment, prioritization, remediation, and reporting.
Establish and maintain secure infrastructure and configurations using infrastructure as code.
Build and manage CI/CD pipelines and constantly improve their reliability & speed, and reduce lead time for changes.
About You
Basic Qualifications
5+ years of experience in security operations, vulnerability management, threat detection, or DevOps focused on security.
3+ years of proven experience in implementing DevSecOps practices.
3+ years of experience with cloud platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes).
3+ years knowledge of scripting and programming languages (e.g., Python, Bash).
1+ years familiarity with infrastructure as code (IaC) tools (e.g., Terraform, Cloudformation, Ansible).
Other Qualifications
Familiarity with AI security concepts.
Familiarity with SOC2, ISO27001, ISO 27701 and ISO 42001.
Strong understanding of platform, application, and cloud security fundamentals.
Automating deployment, scaling, and management of containerized applications with Docker or Kubernetes.
Experience with CI/CD tools (e.g., Github Actions).
Experience with bug bounty programs.
Proficiency in security tools (e.g., Snyk, Semgrep, Contrast, Wiz).
Deep understanding of network and application security threats, attack techniques, and mitigation options.
Experience managing vulnerability scans and effectively prioritizing actions for system owners.
Experience deploying, monitoring, and managing systems in the AWS.
Security centric in all approaches to design in infrastructure as code, as well as Docker build pipelines and microservice deployments.
Experience building and maintaining security investigation and/or response tools.
Able to work independently and coordinate activities across multiple teams.
Ability to drive multiple projects and priorities while managing operational responsibilities.
Excellent written and verbal communication skills, building positive relationships with partner organizations.
BS or MS degree in Computer Science,
About the Company
Workday is a leading provider of enterprise cloud applications for finance and human resources, helping customers adapt and thrive in a changing world. Workday applications for financial management, human resources, planning, spend management, and analytics are built with artificial intelligence and machine learning at the core to help organizations around the world embrace the future of work. Workday is used by more than 10,000 organizations around the world and across industries - from medium-sized businesses to more than ...
Know more