
Senior Identity & Access Management (IAM) Engineer
Workday
Summary
Workday is seeking a Senior Identity & Access Management (IAM) Engineer to join its Enterprise Identity team. This role involves modernizing the company's enterprise identity ecosystem, securing digital identities across cloud and on-premises environments, and balancing hands-on engineering with technical mentorship. Responsibilities include designing and implementing IAM solutions like SSO and MFA, defining cloud identity strategies, automating provisioning workflows, and overseeing IAM services in the European Sovereign Cloud. The ideal candidate has 7+ years of cybersecurity experience, with at least 5+ in IAM engineering, and deep expertise in enterprise IAM platforms, cloud environments, and relevant security protocols.
Details
- Salary: €84,000 – €126,000/yr
- Experience Required: 7+ years
- Posted: ~Jul 3, 2026
- Bonus: Yes
- Equity: Yes
Description
Your work days are brighter here.
We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.
About the Team
The Enterprise Identity team serves as Workday's first and most critical line of defense. We own, architect, and evolve the Identity and Access Management (IAM) systems that govern exactly who gets access to internal resources, what they can do with that access, and why.
Operating across one of the most complex enterprise cloud environments in the software industry, our technical scope spans human, non-human, and multi-cloud identity systems. From designing and implementing practical Zero Trust controls and conditional access policies, to engineering automated workflows for seamless onboarding, role transitions, and offboarding across the company, this team is at the forefront of how Workday secures its digital ecosystem.
We are also pioneering work on the AI and agentic frontier, addressing the emerging challenge of securing autonomous AI agents, non-human identities (NHIs), and service-to-service trust models in production. Our work in privileged access governance is focused on hardening system access, reducing long-lived elevated privileges, and driving the transition toward right-sized entitlements and least-privilege models.
At Workday, identity is not a back-office IT support function. It is a core security boundary and engineering enabler. The Enterprise Identity team directly influences how safely Workday builds and ships products, acting as a crucial pillar in protecting the vital data and infrastructure of over 60 million users. If you are energized by meaningful security challenges with real organizational impact, this is the team for you!
About the Role
As a Senior IAM Engineer on the Enterprise Identity team, you will play a central role in modernizing the design, architecture, and evolution of our enterprise identity ecosystem. You will secure digital identities across cloud, hybrid, and on-premises environments while balancing hands-on engineering with technical mentoring of more junior team members. You will also oversee the administration of IAM services in our European Sovereign Cloud.
In this role, you will be responsible for:
- Architecture and Design: Contribute to the design, implementation, and scaling of enterprise IAM solutions, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Lifecycle Management, and Directory Services.
- Cloud Identity: Define and implement IAM strategies across multi-cloud environments (e.g., AWS, Azure, GCP), focusing on CBAC, RBAC, PBAC, and ABAC as part of a Zero Trust and Zero Standing Privileges security model.
- Automation and DevSecOps: Champion "Identity as Code" by automating provisioning, de-provisioning, and access review workflows using CI/CD pipelines and scripting.
- Mentorship and Leadership: Provide technical mentorship to mid-level and junior engineers, establish engineering best practices, and lead incident response for complex identity-related issues.
- Compliance and Audit: Partner with Risk and Compliance teams to ensure identity practices align with frameworks such as SOC2, ISO 27001, and GDPR.
- Regional Operations Oversight: Provide SRE oversight of IAM services in the European Sovereign Cloud environment.
- AI-Driven Development: Use AI tools and techniques to accelerate development and improve engineering workflows.
- Automation at Scale: Identify and implement automation opportunities to streamline IAM operations and reduce manual effort.
- AWS IAM Modernization: Contribute to the redesign and modernization of how the team manages IAM in AWS.
About You
Basic Qualifications
- 7+ years of experience in cybersecurity, with at least 5+ years dedicated to IAM engineering and architecture.
- Deep, hands-on expertise with enterprise IAM platforms (e.g., Okta, Ping Identity, ForgeRock, Microsoft Entra ID) and PAM tools (e.g., CyberArk, BeyondTrust, Boundary), as well as directory services (LDAP, Active Directory).
- Deep, hands-on expertise managing AWS and GCP environments at scale, including configuring and managing EC2, EKS/GKE, AWS IAM, and GCP Cloud IAM.
- Expert-level understanding of protocols such as SAML 2.0, OIDC, OAuth 2.0, SCIM, LDAP, and Kerberos.
- Proficient in scripting (GoLang, Python, PowerShell, Bash) and Infrastructure as Code (Terraform) to automate identity workflows.
- Bachelor's degree in Computer Science or equivalent. Highly preferred certifications: CISSP, CIAM, CAMS, or provider-specific architect certifications (e.g., Okta Certified Professional/Consultant), AWS Certified Solutions Architect preferred.
Other Qualifications
- Security Engineering: Experience designing and implementing systems, procedures, and protocols to protect information and data from unauthorized access. This includes understanding encryption, authentication, intrusion detection, and the ability to assess potential risks and vulnerabilities across complex environments.
- Security by Design: A proactive approach to integrating security measures into the design and architecture of systems from the outset. You understand security principles and controls, risk assessment methodologies, and secure coding practices, and can design systems that resist, tolerate, and recover from security breaches.
- Public Clouds: Experience managing and optimizing cloud resources at scale, implementing cloud security measures, and understanding various cloud service models (IaaS, PaaS, SaaS) and cloud architecture.
- Information Security: A solid foundation in protecting data from unauthorized access, disclosure, disruption, modification, or destruction, including network security, application security, cryptography, and disaster recovery planning.
- Security Platforms: Experience understanding and managing the various technologies and systems designed to protect an organization's digital information and infrastructure, including configuring and operating security software, hardware, and services.
- Security Operations: Experience with the identification, analysis, and mitigation of threats to an organization's information assets, including incident response protocols, threat intelligence, and risk management strategies.
- Ability to manage multiple projects and priorities while maintaining operational responsibilities.
- Excellent written and verbal communication skills, with the ability to build positive relationships across partner organizations.
- A sense of ownership and motivation to move with urgency in a fast-paced environment.
Workday Pay Transparency Statement (For EU Locations Only)
Listed below is the base salary range applicable to this position. Workday pay ranges (and the precise pay offered to the successful candidate) are based on a number of objective criteria such as relevant experience and skills, and educational qualifications, level of responsibility, demands of the role, work location and business need. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants awarded by Workday Inc. For more information regarding Workday’s comprehensive benefits, please click here.
Primary Location Base Pay Range: €84,000 EUR - €126,000 EUR Ireland
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.
Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.
At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email accommodations@workday.com.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.
