Cyber Forensics & Malware Analyst-Reverse Engineer (US Federal)

About the position Your work days are brighter here. We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too. About the Team Your work matters here. At Workday Government, we focus on outcomes that serve a larger mission. Our work supports U.S. federal agencies as they modernize and transform the full employee lifecycle experience and finance operations—so they can operate with greater clarity, accountability, and trust. As a Fortune 500 company and a proven enterprise cloud platform, Workday brings modern technology, responsible AI, and secure infrastructure to some of the most complex environments in the world. The work isn’t theoretical. It’s operational. It’s high-impact. And it demands rigor, integrity, and long-term thinking. From day one, you’ll be part of a team that values collaboration, follow-through, and doing the right thing—especially when the stakes are high. Our culture is grounded in integrity, respect, and shared responsibility. We challenge each other to think clearly, act thoughtfully, and build solutions that stand up to real-world demands. Here, curiosity is matched with accountability. Ambition is paired with trust. You’ll have the space to do your best work, the support to keep growing, and the backing of a company committed to long-term investment in both its people and the federal mission. If you’re looking to apply your experience to meaningful, mission-driven work—alongside colleagues who take pride in building things that last—you’ll find that opportunity at Workday About the Role This role will support one or more direct or indirect contracts with the U.S. Federal Government which, due to federal government security requirements, mandates that all Workday personnel working on the contracts be United States citizens (naturalized or native). Ensures that IS and cyber security plans, controls, policies and processes are aligned with IS standards. Responds to security breaches, identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents and improve security. Researches and evaluates cybersecurity threats and performs root cause analysis. Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate Workday systems and data.

Responsibilities

• Promote and implement security processes and tools that support ongoing deliveries and promote a "shift left" Security mentality;
• Collaborate multi-functionally with Workday development, operations, and product teams to understand their requirements and priorities while influencing security culture;
• Internal customer engagement and assisting them through the Security Engagement Process
• Develop expertise on our security architecture frameworks and standards.
• Stay ahead of industry technology and business trends by actively drive product technology and engineering process innovation to help Workday be a leader in Security.

Requirements

• 8+ years of proven expertise in digital forensics and incident response (DFIR), malware analysis, or advanced threat hunting.
• 5+ years of experience with Python, Go, or C/C++ for automating artifact collection and developing custom analysis tools.
• Expertise in Static and Dynamic Analysis of malicious binaries (PE, ELF, Mach-O) and scripts (PowerShell, JS, VBS).
• Deep experience with Forensic Suites (e.g., Magnet AXIOM, EnCase, FTK) and memory forensics tools (e.g., Volatility).
• Strong mastery of Intelligence Frameworks (MITRE ATT&CK, Diamond Model) to map forensic findings to known actor TTPs.

Nice-to-haves

• Reverse Engineering: Proficiency with disassemblers and debuggers such as IDA Pro, Ghidra, x64dbg, or GDB.
• Memory & Disk Forensics: Ability to reconstruct attack timelines by analyzing volatile memory, file systems (NTFS, APFS, Ext4), and registry hives.
• Advanced Detection Engineering: Experience translating malware behaviors (C2 protocols, persistence mechanisms) into high-fidelity YARA, Snort, or Sigma rules.
• SIEM Mastery: Experience hunting for forensic artifacts within large-scale platforms like Splunk or ELK, utilizing complex query languages to identify lateral movement.
• Sandboxing: Experience building and maintaining automated malware analysis pipelines and custom sandbox environments.
• Communication: The ability to take a complex buffer overflow or heap spray analysis and explain its business impact to non-technical stakeholders.

Apply To This Job