ServiceNow is a global market leader in innovative AI-enhanced technology, and they are seeking a Senior Security Engineer to join their Moveworks Security team. The role focuses on automating security operations and incident response through engineering solutions, while leveraging AI-driven capabilities for enhanced security measures.
Responsibilities:
- E2E IR Automation: Design and implement end-to-end automation for the IR lifecycle (Detection -> Triage -> Containment -> Recovery)
- Detection Engineering: Build and tune high-fidelity detections in our SIEM, EDR, and AI SOC platforms
- AI-Driven Ops: Leverage LLMs, Prompt Engineering, and MCP (Model Context Protocol) servers to build "Agentic" security workflows that scale our defensive capabilities
- Purple Teaming: Detect and disrupt our internal red team. You will work closely with the red team to detect their attacks, disrupt their attack paths, and close vulnerabilities
- Validate the Defense: Don’t just build it—prove it works. Design and execute automated tests to validate that our detections and playbooks actually fire when they should
- Decide with Data: Be data-driven. When faced with difficult or complex decisions, you quickly gather data to make informed decisions
- Incident Response: Support active incidents as an incident responder, using each event as data to build better future automation
Requirements:
- U.S. Citizenship required
- The Mindset: You hate manual work. You see a repetitive task and immediately think about how to write a script or build an Agent to do it for you
- Technical Foundation: 1–5 years of experience in Security Operations or Security Engineering
- Automation Fluency: Proficiency in Python. You should be comfortable working with APIs, webhooks, and version control systems (Git)
- AI Native: You don't just use ChatGPT; you understand Prompt Engineering, how to connect MCP servers, and how to integrate LLMs into technical workflows
- Cloud Proficiency: Hands-on experience with AWS (IAM, CloudTrail, GuardDuty). Experience with Kubernetes (EKS) is a major plus
- FedRAMP Readiness: While you are an engineer first, you have the soft skills to interpret control frameworks and understand how to generate and present evidence to ensure we are in compliance