Staff Security Engineer, Security Operations - Moveworks

Staff Security Engineer, Security Operations - Moveworks Company Description Who we are Moveworks is the Agentic AI Assistant platform that empowers the entire workforce. Our platform enables employees to converse with all of their business systems through natural language to quickly find answers and automate tasks. Powered by the world's most advanced LLMs, our proprietary models, and a sophisticated Agentic AI platform, we're transforming how work gets done by allowing AI to take initiative, streamline complex workflows, and continuously learn and adapt. Moveworks is trusted by over 5.5 million employees at more than 350 of the world’s largest companies, including 10% of the Fortune 500, to automate everyday tasks and streamline business operations. Recognized on the Forbes Cloud 100 and AI 50 lists, Moveworks was also named one of Fast Company’s 2025 Most Innovative Companies and Inc’s Best in Business, in the Best in Innovation category. Moveworks was also recognized at Microsoft’s 2025 Partner of the Year and in 2024, received the AI Breakthrough Award. In December 2025, Moveworks was acquired by ServiceNow, marking a pivotal milestone in our journey to create a single front door to work for all business systems. By combining ServiceNow’s leading workflow automation with Moveworks’ Reasoning Engine and natural language capabilities, we deliver the AI platform for every person and every workflow. Built to go beyond basic summaries to deliver meaningful business impact. Together, our AI acts across enterprise systems to turn conversations into completed work. By joining our team, you’ll be at the forefront of the AI transformation, backed by the global scale of ServiceNow and the agility of a high-growth company. We are looking for world-class talent to help us extend agentic AI to every employee across every corner of the business. ServiceNow It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone. Job Description The Moveworks Security team at ServiceNow is not looking for a traditional SOC analyst to watch a dashboard. We are looking for a Staff Agentic Security Engineer . Our ultimate goal is to automate the SOC out of existence through autonomous systems. At the IC4 level, you will not just execute workflows; you will define the architectural framework for our AI-driven defense. You will treat the incident response lifecycle as an advanced engineering problem—experimenting with, designing, and orchestrating complex, multi-agent frameworks and Model Context Protocol (MCP) systems that handle proactive threat hunting, triage, and remediation at machine speed. This is a role for a visionary engineer who wants to push the boundaries of what agentic AI can achieve in enterprise defense. What you get to do in this role: Building and AI Orchestration: Move beyond basic tool configuration to build, code, design and research advanced, framework-level approaches for chaining MCP servers and AI agents. You will optimize agentic networks for maximum performance, multi-step reasoning accuracy, and deterministic outcomes in high-stress security scenarios. Proactive Threat Hunting Program: Architect and scale a proactive threat hunting program from scratch. You will leverage custom agents, MCP capabilities, and security tooling to proactively discover complex vulnerabilities, configuration drift, and hidden threats across the infrastructure network. Advanced Purple Team Synergies: Forge a cutting-edge feedback loop between the Blue Team and our internally developed AI Red Team Agent. You will seamlessly bridge automated offense and defense, turning threat hunting insights into self-healing infrastructure. Cross-Functional Influence & Leadership: Act as a strategic engineering partner across IT, Security Engineering, DevOps, DevSecOps, Compliance, Cloud, and Infrastructure teams to ensure corporate systems are natively automation-ready. E2E IR Automation Architecture: Own the overarching engineering roadmap for the end-to-end incident response lifecycle (Detection → Triage → Containment → Recovery), replacing traditional SOAR workflows with resilient, agentic orchestration. Incident Commander Escalation: Serve as a high-tier technical escalation point for active, complex incidents. Use every incident as an adversarial data point to design superior automated immune responses. Validate the Defense: Design, execute, and validate automated simulation testing to systematically prove that agentic workflows and detection pipelines trigger reliably against real-world attack behaviors. Qualifications To be successful in this role you have: U.S. Citizenship Required: (Must meet strict compliance/FedRAMP criteria). Experience: 8–10 years of experience in Security Operations, Systems Engineering, or DevSecOps (Minimum 5 years of highly relevant engineering experience required). Cross-Functional Mastery: 3–5 years of proven track record working closely across multidisciplinary teams including Cloud Infrastructure, DevOps, DevSecOps, Compliance, and IT. Bonus points for direct collaboration experience with Product Security or Data Security teams. AI & Agentic Fluency: Deep familiarity with modern LLM agent frameworks, including active research into their application, performance trade-offs, and behavioral guardrails. You know how to deeply integrate LLMs, orchestrate custom MCP servers, and build autonomous technical workflows. Automation Engineering: High proficiency in Python and software engineering principles. You have extensive past experience with traditional workflow engines and legacy SOAR tooling, giving you the context needed to successfully replace them with AI-native alternatives. Cloud & Infrastructure Depth: Strong, hands-on architectural familiarity with AWS security ecosystems (IAM, CloudTrail, GuardDuty) and containerized environments (Kubernetes/EKS). FedRAMP & Trust Awareness: While an engineer first, you possess the communication skills and security compliance maturity to translate framework controls into automated, code-driven evidence generation pipelines. Team & Collaboration Dynamics: A high-autonomy, high-collaboration mindset. You thrive in a lean, elite, fast-moving team environment where you independently drive massive technical impact while mentoring and leveling up surrounding engineers. Additional Information We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact View email address on click.appcast.io for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. #J-18808-Ljbffr Moveworks