Senior Security Engineer, Security Operations - Moveworks

The Moveworks Security team at ServiceNow is not looking for a traditional SOC analyst to watch a dashboard. We are looking for a Security Automation Disruptor. Your goal is to automate the SOC out of existence. As a member of our Blue Team, you will treat the incident response lifecycle as an engineering problem—designing, building, and deploying autonomous workflows that handle detection, triage, and remediation at machine speed. You will be at the intersection of core Security Operations and AI-driven defense.

What you get to do in this role:

• E2E IR Automation: Design and implement end-to-end automation for the IR lifecycle (Detection -> Triage -> Containment -> Recovery).

• Detection Engineering: Build and tune high-fidelity detections in our SIEM, EDR, and AI SOC platforms

• AI-Driven Ops: Leverage LLMs, Prompt Engineering, and MCP (Model Context Protocol) servers to build "Agentic" security workflows that scale our defensive capabilities.

• Purple Teaming: Detect and disrupt our internal red team. You will work closely with the  Red team to detect their attacks, disrupt their attack path, and close vulnerabilities. 

• Validate the Defense: Don’t just build it—prove it works. Design and execute automated tests to validate that our detections and playbooks actually fire when they should.

• Decide with Data: Be data driven, when faced with difficult or complex decisions, you quickly gather data to make informed decisions 

• Incident Response: Support active incidents as an incident responder, using each event as data to build better future automation.

To be successful in this role you have:

• U.S. Citizenship required

• The Mindset: You hate manual work. You see a repetitive task and immediately think about how to write a script or build an Agent to do it for you.

• Technical Foundation: 1–5 years of experience in Security Operations or Security Engineering.

• Automation Fluency: Proficiency in Python. You should be comfortable working with APIs, webhooks, and version control systems (Git).

• AI Native: You don't just use ChatGPT; you understand Prompt Engineering, how to connect MCP servers, and how to integrate LLMs into technical workflows.

• Cloud Proficiency: Hands-on experience with AWS (IAM, CloudTrail, GuardDuty). Experience with Kubernetes (EKS) is a major plus.

• FedRAMP Readiness: While you are an engineer first, you have the soft skills to interpret control frameworks while understanding how to generate and present evidence to ensure we are in compliance.

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.