Senior Security Operations Engineer

Workiva Inc.
Scottsdale, AZ
5d
$111,000 - $178,000

About The Position

As a Senior Security Operations Engineer at Workiva, you will play a crucial role in protecting our SaaS platform, customers, and data across cloud environments such as AWS, Azure, and GCP. You will operate as a senior individual contributor within the Security Operations team, responsible for detecting, investigating, and responding to security threats while continuously improving our monitoring, automation, and response capabilities to ensure a swift and effective response to potential threats. This role blends deep technical investigation with operational rigor and proactive threat detection. You will work independently on complex security incidents, contribute to the evolution of our SOC capabilities, and partner closely with information security leadership and cross‑functional stakeholders. While the role does not include formal people management, you will be expected to provide technical mentorship and operational guidance to interns and peer engineers.

Requirements

  • Undergraduate degree or 3 years' equivalent combination of education and experience in a related field
  • Experience investigating security alerts or incidents involving infrastructure, identity, endpoints, or applications
  • In-depth knowledge of cloud environments such as AWS, Azure, and/or GCP, with curiosity to deepen cloud security expertise

Nice To Haves

  • Experience working in security operations, incident response, or a related defensive security role
  • Familiarity with SIEM platforms (Splunk preferred) and interest in using SOAR tooling such as Tines or other automation functions to improve response workflows
  • Comfort analyzing logs and telemetry data to understand suspicious or unusual behavior
  • Ability to assess technical and business risk and communicate findings clearly
  • Strong written and verbal communication skills, with the ability to explain complex topics to a range of audiences

Responsibilities

  • Lead and coordinate responses to security incidents, including ransomware, host compromise, credential and account compromise, phishing, insider threats, third-party risks, and data spillage while collaborating closely with information security leadership, business stakeholders, and the rest of the incident response team
  • Produce clear, accurate incident documentation and post‑incident analysis focused on root cause and measurable improvement
  • Participate in incident response tabletop exercises to identify gaps, enhance skills, and engage stakeholders; review technical reports from vulnerability and penetration testing assessments to identify potential exposure to future incidents
  • Improve Security Operations practices by contributing to the development, refinement, and maintenance of SOC procedures, playbooks, policies, and guidelines.
  • Participate in learning new approaches and industry best practices, and help evolve incident response processes to improve clarity, effectiveness, and situational awareness during security events.
  • Assess the effectiveness of security controls and technical risks across hosting environments, and communicate findings clearly to both technical and non-technical stakeholders.
  • Own and act as a subject matter expert for one or more core security tools or platforms, ensuring data quality, reliable operation, and effective use. This includes optimizing configurations, exploring new capabilities or integrations, maximizing value from the tool, and enabling others through documentation, knowledge sharing, and guidance on use and administration.
  • Focus on factual, data-driven analysis to explain business impact, trade-offs, and risk, supporting informed decision-making without reliance on fear or assumptions.

Benefits

  • A discretionary bonus typically paid annually
  • Restricted Stock Units granted at time of hire
  • 401(k) match and comprehensive employee benefits package