As a Senior Security Operations Engineer at Workiva, you will play a crucial role in protecting our SaaS platform, customers, and data across cloud environments such as AWS, Azure, and GCP. You will operate as a senior individual contributor within the Security Operations team, responsible for detecting, investigating, and responding to security threats while continuously improving our monitoring, automation, and response capabilities to ensure a swift and effective response to potential threats.

This role blends deep technical investigation with operational rigor and proactive threat detection. You will work independently on complex security incidents, contribute to the evolution of our SOC capabilities, and partner closely with information security leadership and cross‑functional stakeholders. While the role does not include formal people management, you will be expected to provide technical mentorship and operational guidance to interns and peer engineers.

What You’ll Do

Lead and coordinate responses to security incidents, including ransomware, host compromise, credential and account compromise, phishing, insider threats, third-party risks, and data spillage while collaborating closely with information security leadership, business stakeholders, and the rest of the incident response team

Produce clear, accurate incident documentation and post‑incident analysis focused on root cause and measurable improvement

Participate in incident response tabletop exercises to identify gaps, enhance skills, and engage stakeholders; review technical reports from vulnerability and penetration testing assessments to identify potential exposure to future incidents

Improve Security Operations practices by contributing to the development, refinement, and maintenance of SOC procedures, playbooks, policies, and guidelines. 

Participate in learning new approaches and industry best practices, and help evolve incident response processes to improve clarity, effectiveness, and situational awareness during security events.

Assess the effectiveness of security controls and technical risks across hosting environments, and communicate findings clearly to both technical and non-technical stakeholders. 

Own and act as a subject matter expert for one or more core security tools or platforms, ensuring data quality, reliable operation, and effective use. This includes optimizing configurations, exploring new capabilities or integrations, maximizing value from the tool, and enabling others through documentation, knowledge sharing, and guidance on use and administration.

Focus on factual, data-driven analysis to explain business impact, trade-offs, and risk, supporting informed decision-making without reliance on fear or assumptions.

What You'll Need

Minimum Qualifications

Undergraduate degree or 3 years equivalent combination of experience of education and experience in a related field

Experience investigating security alerts or incidents involving infrastructure, identity, endpoints, or applications

In-depth knowledge of cloud environments such as AWS, Azure, and/or GCP, with curiosity to deepen cloud security expertise

Preferred Qualifications

Experience working in security operations, incident response, or a related defensive security role

Familiarity with SIEM platforms (Splunk preferred) and interest in using SOAR tooling such as Tines or other automation functions to improve response workflows

Comfort analyzing logs and telemetry data to understand suspicious or unusual behavior

Ability to assess technical and business risk and communicate findings clearly

Strong written and verbal communication skills, with the ability to explain complex topics to a range of audiences

Travel Requirements & Working Conditions

Up to 20% travel for customer, partner, and internal meetings

Reliable internet access for periods of remote working

How You’ll Be Rewarded

✅ Salary range in the US: $111,000.00 - $178,000.00

✅ A discretionary bonus typically paid annually

✅ Restricted Stock Units granted at time of hire

✅ 401(k) match and comprehensive employee benefits package

The salary range represents the low and high end of the salary range for this job in the US. Minimums and maximums may vary based on location. The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and other relevant factors.

Employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other protected characteristic.

Workiva is committed to working with and providing reasonable accommodations to applicants with disabilities. To request assistance with the application process, please email talentacquisition@workiva.com.
 

Workiva employees are required to undergo comprehensive security and privacy training tailored to their roles, ensuring adherence to company policies and regulatory standards.

Workiva supports employees in working where they work best - either from an office or remotely from any location within their country of employment.

#LI-PM1