Distinguished Engineer (DE) for AI & Product Security

Your work days are brighter here.

We're obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we're shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you'll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We're in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you'll do meaningful work with Workmates who've got your back. In return, we'll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you've found a match in Workday, and we hope to be a match for you too.

About the Team

Workday's Cybersecurity and Trust organization functions as the primary guardian of the company's "Trust" core value, operating under a mission to protect the HR and financial data of over 10,000 global customers. The team is structured to address risk through three main pillars: People, Process, and Technology. They manage a comprehensive Governance, Risk, and Compliance (GRC) program that ensures all business practices align with strict regulatory standards like GDPR and HIPAA, while maintaining top-tier certifications such as ISO 27001 and SOC 2 Type II. Beyond traditional defense, the team acts as a strategic "Go-To-Market" partner, directly engaging with customers to provide transparency into Workday's security posture and leveraging AI-driven risk assessments to proactively hunt for vulnerabilities before they can be exploited.

About the Role

The Distinguished Engineer (DE) for AI & Product Security is a pivotal, hands-on technical leadership role responsible for defining and driving the security strategy across our core product portfolio, with a special emphasis on the security lifecycle of AI technologies, Large Language Models (LLMs), and cloud-native applications. This role ensures security is fundamentally built into new technologies and will serve as the top technical expert driving architectural decisions and security governance across the organization.

Responsibilities

• Secure AI/MLSDLC: Define and evangelize the secure Software Development Lifecycle (SDLC) for all AI/ML models and applications, ensuring the integrity and confidentiality of training data, model weights, and inference results.
• LLM Governance and Control: Design and implement architectural patterns and tooling to manage and restrict the flow of proprietary data into and out of external, commodity LLMs.
• Adversarial AI Defense: Develop novel security countermeasures against prompt injection, model inversion, data poisoning, and other advanced adversarial machine learning attacks targeting our products.
• AI Safety: Guide the team in creating auditable and safety-aligned standards for internal AI tools (e.g., Sana AI).

• Architectural Review: Lead the most complex and sensitive security reviews for critical products and services.
• Defense in Depth: Modernize on the company's Zero Trust model implementation strategy, guiding engineering teams on micro-segmentation, identity-based access, and least-privilege principles within product infrastructures.

• Technical Advocacy: Act as the primary technical voice for Cybersecurity & Trust, representing the security organization in cross-functional working groups, executive forums, and with external parties.
• Mentorship: Mentor senior and principal engineers across engineering teams, raising the collective security bar and fostering a culture of secure development.
• External Research: Maintain deep expertise in emerging AI and Product threats and contribute to the external security community through patents, publications, or industry standards development.

About You

• Experience: 12+ years of experience in Software Engineering, Infrastructure, or Product Security, with at least 5 years operating at a Principal/Staff level or higher.
• Expertise: Deep, demonstrable expertise in the security implications of cloud-native architectures (Kubernetes, Serverless) and a strong command of modern AI/ML development frameworks and security concerns.
• Architecture: Proven history of designing security controls that scale across large, heterogeneous production environments.
• Compliance: Extensive experience architecting products to meet global regulatory and industry standards, including G