Your work days are brighter here.

We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.

About the Team

The Core Platform Integration Team is a new centralized team within Workday’s Core Services organization that sits at the intersection of Workday's IPE (Infrastructure Platform Engineering) organization and our acquired companies.Workday has acquired several companies in the last couple of years that run multiple services across cloud service providers AWS and GCP with their own infrastructure patterns, CI/CD pipelines, and operational practices.

Our charter is to bring these companies onto CP2, Workday's cloud-agnostic \"paved road\" platform, so that 100% of services can run on any CSP. That means migrating workloads off CSP lock-in services (managed databases, proprietary queues, vendor-specific identity, etc.) and onto standardized CP2 building blocks for compute, networking, observability, CI/CD, and security.

This is a small, high-leverage team working directly with acquisition engineering leads, IPE platform owners, and Workday SREs. We operate in the open, driving architecture review boards, building migration scorecards, sizing onboarding effort, and producing the roadmap that shapes both what the IPE platform must build and what acquired teams must refactor. The work is technical, cross-organizational, and high-impact.

About the Role

As Principal Engineer, you are the senior technical leader for the acquisitions onboarding program. You set the architectural direction, make the calls that span multiple acquisitions and multiple IPE platform teams, and are accountable for the technical coherence of the end-state, not just that services move, but that they move in a way Workday can operate, secure, and evolve for the next decade.

Concretely, you will:

• Own or co-own the overall migration architecture and reference patterns that all acquired teams onboard against: compute, networking (VPC/subnets/regional topology), data, identity, secrets, observability, CI/CD, and SRE practices.

• Lead or co-lead the Architecture Review Boards for each acquisition: separate the hard blockers (genuine re-architecture) from soft blockers (tool swaps), make the call on which CSP-locked services have acceptable CP2 substitutes today vs. which require new platform investment, and produce defensible T-shirt-sized effort estimates that senior leadership can plan against.

• Define the dual backlog that shapes the IPE platform backlog (features the paved road must build to unblock acquisitions) and the acquisition backlog (technical debt teams must clear). Drive prioritization across both with IPE leaders and acquisition GMs.

• Be the technical bridge between acquired-company engineering leadership and IPE. Acquisitions have with their own strong opinions and their own platforms, and have legitimate skepticism about replatforming. You earn their trust through technical credibility, then drive convergence.

• Set the bar for regional/sovereign architecture: data residency, regional ring deployment patterns, key management, and the elimination of CSP-specific control-plane dependencies. Make sure the migrations we ship today don't quietly recreate lock-in tomorrow.

• Establish the migration playbook and the repeatable patterns (Terraform modules, pipeline templates, observability conventions, SLO frameworks, runbook standards) so future onboarding takes a fraction of the effort of the very first onboarding.

• Mentor and grow senior engineers on the team. Run design reviews. Represent the program in leadership forums.

• Partner with leadership on org design and sequencing: which acquisition moves first, where to invest in SMEs or contractors, where IPE must staff up, and what's realistically achievable in 12 months versus what should be phased.

This is a hands-on role at the architectural level. You will write code, IaC, and prototypes when that is the fastest way to resolve a contested technical question — but your primary leverage is judgment, design, and alignment across many teams.

About You

You are a Principal-level engineer who has led large multi-cloud migrations or M&A infrastructure integrations end-to-end and shipped them. You've owned the architecture, navigated organizational challenges, made the unpopular calls, and stayed accountable through the long tail of cutover, regressions, and operational handoff.

Basic Qualifications:

• 12+ years of software and infrastructure engineering experience, with deep production expertise across both AWS and GCP at organizational scale.

• Proficiency in using the latest AI tools (Claude Code, Cursor, Augment) as a force multiplier to accelerate code understanding, migration work, and documentation.

• You read code fluently in Go and Python, can debug a Kubernetes operator, and know what a well-designed service looks like, because you've built them.

• Demonstrable experience leading M&A or large-scale platform migrations: evaluating acquired or legacy systems, designing the consolidation, sequencing the work, and bringing it to completion.

• Mastery of Kubernetes at scale (EKS, GKE), container networking (e.g., Calico), and service mesh (Istio or equivalent), including instrumenting them for telemetry.

• Authoritative command of Terraform and Terragrunt across multi-account/multi-project organizations, with strong opinions on what "DRY infrastructure" actually means in practice.

Other Qualifications:

• A career arc that began in software development (high-throughput APIs, distributed systems, backend services) and evolved into platform and cloud engineering.

• Bachelor's degree in a computer related field or equivalent work experience.

• Deep observability expertise: Prometheus, Grafana, OpenTelemetry, GCP Operations Suite, and the design of long-horizon telemetry/log warehouses (e.g., BigQuery). You have strong views on golden signals, SLI/SLO design, and what makes alerting humane vs. corrosive.

• Production experience with enterprise CI/CD at scale (GitOps via ArgoCD or Flux; pipelines in GitHub Actions, GitLab CI, Jenkins, or Harness) and a clear philosophy on safe, zero-downtime delivery.

• Hands-on experience with cloud-scale relational databases (Aurora, Cloud SQL, Spanner) including multi-region availability and migration patterns.

• A track record on security and compliance fundamentals: IAM least-privilege, secrets management, encryption at rest/in transit, vulnerability scanning, and the basics of regulated/sovereign deployments.

• Strong coding skills in Go and/or Python for automation, migration tooling, and operators, not just glue scripts.

• You have a documented track record of bringing skeptical, distributed engineering teams into alignment around a shared technical direction. You do this through credibility and clarity, not authority.

• You know when to standardize and when to let an acquisition keep what works. You know when to invest in platform capability vs. when to ask the acquisition to refactor. You make those calls and own the outcome. You've shipped hard migrations.

Preferred:

• Experience with regional/sovereign cloud architectures and data residency regimes.

• Experience building or operating internal developer platforms at enterprise scale.Familiarity with secrets management, IAM least-privilege design, and basic security hygiene (vulnerability scanning, image signing, mTLS).

Workday Pay Transparency Statement

The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday’s comprehensive benefits, please click here.

Primary Location: USA.CA.Pleasanton

Primary Location Base Pay Range: $222,900 USD - $334,300 USD

Additional US Location(s) Base Pay Range: $187,100 USD - $334,300 USD

Our Approach to Flexible Work

With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.

Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.

At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email [email protected].

Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!

At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.

VEVRAA Federal Contractor.
We request Priority Protected Veteran & Disabled Referrals for all of our locations within the state.

PDN-a1fc8ad3-4d9b-4da4-b386-58eee3a84e97