[Remote] Senior Security Engineer, Security Operations - Moveworks
Note: This is a remote job open to candidates in the USA. Moveworks is the Agentic AI Assistant platform that empowers the entire workforce. The Senior Security Engineer will focus on automating security operations and incident response, leveraging AI to enhance defensive capabilities and streamline workflows.
Responsibilities
- E2E IR Automation: Design and implement end-to-end automation for the IR lifecycle (Detection -> Triage -> Containment -> Recovery)
- Detection Engineering: Build and tune high-fidelity detections in our SIEM, EDR, and AI SOC platforms
- AI-Driven Ops: Leverage LLMs, Prompt Engineering, and MCP (Model Context Protocol) servers to build "Agentic" security workflows that scale our defensive capabilities
- Purple Teaming: Detect and disrupt our internal red team. You will work closely with the red team to detect their attacks, disrupt their attack paths, and close vulnerabilities
- Validate the Defense: Don’t just build it—prove it works. Design and execute automated tests to validate that our detections and playbooks actually fire when they should
- Decide with Data: Be data-driven. When faced with difficult or complex decisions, you quickly gather data to make informed decisions
- Incident Response: Support active incidents as an incident responder, using each event as data to build better future automation
Skills
- U.S. Citizenship required
- The Mindset: You hate manual work. You see a repetitive task and immediately think about how to write a script or build an Agent to do it for you
- Technical Foundation: 1–5 years of experience in Security Operations or Security Engineering
- Automation Fluency: Proficiency in Python. You should be comfortable working with APIs, webhooks, and version control systems (Git)
- AI Native: You don't just use ChatGPT; you understand Prompt Engineering, how to connect MCP servers, and how to integrate LLMs into technical workflows
- Cloud Proficiency: Hands-on experience with AWS (IAM, CloudTrail, GuardDuty). Experience with Kubernetes (EKS) is a major plus
- FedRAMP Readiness: While you are an engineer first, you have the soft skills to interpret control frameworks while understanding how to generate and present evidence to ensure we are in compliance
Benefits
- Flexible or Remote work persona
- Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location.
- We strive to create an accessible and inclusive experience for all candidates.
- If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance.
Company Overview