Senior Security Operations Engineer

As a Senior Security Operations Engineer at Workiva you will play a crucial role in protecting our SaaS platform customers and data across cloud environments such as AWS Azure and GCP. You will operate as a senior individual contributor within the Security Operations team responsible for detecting investigating and responding to security threats while continuously improving our monitoring automation and response capabilities to ensure a swift and effective response to potential threats.

This role blends deep technical investigation with operational rigor and proactive threat detection. You will work independently on complex security incidents contribute to the evolution of our SOC capabilities and partner closely with information security leadership and crossfunctional stakeholders. While the role does not include formal people management you will be expected to provide technical mentorship and operational guidance to interns and peer engineers.

What Youll Do

• Lead and coordinate responses to security incidents including ransomware host compromise credential and account compromise phishing insider threats third-party risks and data spillage while collaborating closely with information security leadership business stakeholders and the rest of the incident response team

• Produce clear accurate incident documentation and postincident analysis focused on root cause and measurable improvement

• Participate in incident response tabletop exercises to identify gaps enhance skills and engage stakeholders; review technical reports from vulnerability and penetration testing assessments to identify potential exposure to future incidents

• Improve Security Operations practices by contributing to the development refinement and maintenance of SOC procedures playbooks policies and guidelines.

• Participate in learning new approaches and industry best practices and help evolve incident response processes to improve clarity effectiveness and situational awareness during security events.

• Assess the effectiveness of security controls and technical risks across hosting environments and communicate findings clearly to both technical and non-technical stakeholders.

• Own and act as a subject matter expert for one or more core security tools or platforms ensuring data quality reliable operation and effective use. This includes optimizing configurations exploring new capabilities or integrations maximizing value from the tool and enabling others through documentation knowledge sharing and guidance on use and administration.

• Focus on factual data-driven analysis to explain business impact trade-offs and risk supporting informed decision-making without reliance on fear or assumptions.

What Youll Need

Minimum Qualifications

• Undergraduate degree or 3 years equivalent combination of experience of education and experience in a related field

• Experience investigating security alerts or incidents involving infrastructure identity endpoints or applications

• In-depth knowledge of cloud environments such as AWS Azure and/or GCP with curiosity to deepen cloud security expertise

Preferred Qualifications

• Experience working in security operations incident response or a related defensive security role

• Familiarity with SIEM platforms (Splunk preferred) and interest in using SOAR tooling such as Tines or other automation functions to improve response workflows

• Comfort analyzing logs and telemetry data to understand suspicious or unusual behavior

• Ability to assess technical and business risk and communicate findings clearly

• Strong written and verbal communication skills with the ability to explain complex topics to a range of audiences

Travel Requirements & Working Conditions

• Up to 20% travel for customer partner and internal meetings

• Reliable internet access for periods of remote working

How Youll Be Rewarded

A discretionary bonus typically paid annually

Restricted Stock Units granted at time of hire

401(k) match and comprehensive employee benefits package

The salary range represents the low and high end of the salary range for this job in the US. Minimums and maximums may vary based on location. The actual salary offer will carefully consider a wide range of factors including your skills qualifications experience and other relevant factors.

Employment decisions are made without regard to age race creed color religion sex national origin ancestry disability status veteran status sexual orientation gender identity or expression genetic information marital status citizenship status or any other protected characteristic.

Workiva is committed to working with and providing reasonable accommodations to applicants with disabilities. To request assistance with the application process please email .

Workiva employees are required to undergo comprehensive security and privacy training tailored to their roles ensuring adherence to company policies and regulatory standards.

Workiva supports employees in working where they work best - either from an office or remotely from any location within their country of employment.