About The Position

The Moveworks Security team at ServiceNow is seeking a Staff Agentic Security Engineer to automate the Security Operations Center (SOC) through autonomous systems. This role, at the IC4 level, involves defining the architectural framework for AI-driven defense, treating incident response as an advanced engineering problem. The engineer will experiment with, design, and orchestrate complex, multi-agent frameworks and Model Context Protocol (MCP) systems for proactive threat hunting, triage, and remediation at machine speed. This is an opportunity for a visionary engineer to push the boundaries of agentic AI in enterprise defense.

Requirements

  • U.S. Citizenship Required (Must meet strict compliance/FedRAMP criteria).
  • 8–10 years of experience in Security Operations, Systems Engineering, or DevSecOps (Minimum 5 years of highly relevant engineering experience required).
  • 3–5 years of proven track record working closely across multidisciplinary teams including Cloud Infrastructure, DevOps, DevSecOps, Compliance, and IT.
  • Deep familiarity with modern LLM agent frameworks, including active research into their application, performance trade-offs, and behavioral guardrails.
  • High proficiency in Python and software engineering principles.
  • Extensive past experience with traditional workflow engines and legacy SOAR tooling.
  • Strong, hands-on architectural familiarity with AWS security ecosystems (IAM, CloudTrail, GuardDuty) and containerized environments (Kubernetes/EKS).
  • Communication skills and security compliance maturity to translate framework controls into automated, code-driven evidence generation pipelines.
  • High-autonomy, high-collaboration mindset, thriving in a lean, elite, fast-moving team environment.
  • Ability to independently drive massive technical impact while mentoring and leveling up surrounding engineers.

Nice To Haves

  • Direct collaboration experience with Product Security or Data Security teams.

Responsibilities

  • Build, code, design, and research advanced, framework-level approaches for chaining MCP servers and AI agents, optimizing agentic networks for performance, reasoning accuracy, and deterministic outcomes.
  • Architect and scale a proactive threat hunting program using custom agents, MCP capabilities, and security tooling to discover vulnerabilities, configuration drift, and hidden threats.
  • Forge a feedback loop between the Blue Team and an internally developed AI Red Team Agent, bridging automated offense and defense, and turning threat hunting insights into self-healing infrastructure.
  • Act as a strategic engineering partner across IT, Security Engineering, DevOps, DevSecOps, Compliance, Cloud, and Infrastructure teams to ensure corporate systems are automation-ready.
  • Own the engineering roadmap for the end-to-end incident response lifecycle (Detection → Triage → Containment → Recovery), replacing traditional SOAR workflows with agentic orchestration.
  • Serve as a high-tier technical escalation point for active, complex incidents, using each incident as data to design superior automated immune responses.
  • Design, execute, and validate automated simulation testing to prove the reliability of agentic workflows and detection pipelines against real-world attack behaviors.

Benefits

  • Flexible work personas (flexible, remote, or required in office).