Moveworks, a part of ServiceNow, is an Agentic AI Assistant platform transforming how work gets done. The Senior Security Engineer will focus on automating security operations, designing autonomous workflows for incident response, and leveraging AI-driven defense mechanisms.
Responsibilities:
- E2E IR Automation: Design and implement end-to-end automation for the IR lifecycle (Detection -> Triage -> Containment -> Recovery)
- Detection Engineering: Build and tune high-fidelity detections in our SIEM, EDR, and AI SOC platforms
- AI-Driven Ops: Leverage LLMs, Prompt Engineering, and MCP (Model Context Protocol) servers to build "Agentic" security workflows that scale our defensive capabilities
- Purple Teaming: Detect and disrupt our internal red team. You will work closely with the red team to detect their attacks, disrupt their attack paths, and close vulnerabilities
- Validate the Defense: Don’t just build it—prove it works. Design and execute automated tests to validate that our detections and playbooks actually fire when they should
- Decide with Data: Be data-driven. When faced with difficult or complex decisions, you quickly gather data to make informed decisions
- Incident Response: Support active incidents as an incident responder, using each event as data to build better future automation
Requirements:
- U.S. Citizenship required
- 1–5 years of experience in Security Operations or Security Engineering
- Proficiency in Python
- Hands-on experience with AWS (IAM, CloudTrail, GuardDuty)
- While you are an engineer first, you have the soft skills to interpret control frameworks and understand how to generate and present evidence to ensure we are in compliance
- Experience with Kubernetes (EKS) is a major plus
- Understanding of Prompt Engineering, how to connect MCP servers, and how to integrate LLMs into technical workflows