Staff Security Engineer, Security Operations - Moveworks

ServiceNow, Mountain View, CA
Remote

About The Position

The Moveworks Security team at ServiceNow is looking for a Staff Agentic Security Engineer. The ultimate goal is to automate the SOC out of existence through autonomous systems. At the IC4 level, you will define the architectural framework for AI-driven defense, treating the incident response lifecycle as an advanced engineering problem. You will experiment with, design, and orchestrate complex, multi-agent frameworks and Model Context Protocol (MCP) systems that handle proactive threat hunting, triage, and remediation at machine speed. This role is for a visionary engineer who wants to push the boundaries of what agentic AI can achieve in enterprise defense.

Requirements

  • U.S. Citizenship Required: Must meet strict compliance/FedRAMP criteria.
  • Experience: 8–10 years of experience in Security Operations, Systems Engineering, or DevSecOps (Minimum 5 years of highly relevant engineering experience required).
  • Cross-Functional Mastery: 3–5 years of proven track record working closely across multidisciplinary teams including Cloud Infrastructure, DevOps, DevSecOps, Compliance, and IT.
  • AI & Agentic Fluency: Deep familiarity with modern LLM agent frameworks, including active research into their application, performance trade-offs, and behavioral guardrails. Ability to deeply integrate LLMs, orchestrate custom MCP servers, and build autonomous technical workflows.
  • Automation Engineering: High proficiency in Python and software engineering principles. Extensive past experience with traditional workflow engines and legacy SOAR tooling.
  • Cloud & Infrastructure Depth: Strong, hands-on architectural familiarity with AWS security ecosystems (IAM, CloudTrail, GuardDuty) and containerized environments (Kubernetes/EKS).
  • FedRAMP & Trust Awareness: Communication skills and security compliance maturity to translate framework controls into automated, code-driven evidence generation pipelines.
  • Team & Collaboration Dynamics: A high-autonomy, high-collaboration mindset. Ability to thrive in a lean, elite, fast-moving team environment where you independently drive massive technical impact while mentoring and leveling up surrounding engineers.

Nice To Haves

  • Direct collaboration experience with Product Security or Data Security teams.

Responsibilities

  • Building and AI Orchestration: Build, code, design, and research advanced, framework-level approaches for chaining MCP servers and AI agents. Optimize agentic networks for maximum performance, multi-step reasoning accuracy, and deterministic outcomes in high-stress security scenarios.
  • Proactive Threat Hunting Program: Architect and scale a proactive threat hunting program from scratch, leveraging custom agents, MCP capabilities, and security tooling to proactively discover complex vulnerabilities, configuration drift, and hidden threats across the infrastructure network.
  • Advanced Purple Team Synergies: Forge a feedback loop between the Blue Team and the internally developed AI Red Team Agent, seamlessly bridging automated offense and defense, and turning threat hunting insights into self-healing infrastructure.
  • Cross-Functional Influence & Leadership: Act as a strategic engineering partner across IT, Security Engineering, DevOps, DevSecOps, Compliance, Cloud, and Infrastructure teams to ensure corporate systems are natively "automation-ready."
  • E2E IR Automation Architecture: Own the overarching engineering roadmap for the end-to-end incident response lifecycle (Detection → Triage → Containment → Recovery), replacing traditional SOAR workflows with resilient, agentic orchestration.
  • Incident Commander Escalation: Serve as a high-tier technical escalation point for active, complex incidents. Use every incident as an adversarial data point to design superior automated immune responses.
  • Validate the Defense: Design, execute, and validate automated simulation testing to systematically prove that agentic workflows and detection pipelines trigger reliably against real-world attack behaviors.

Benefits

  • Flexible scheduling
  • Remote work options