Role overview

Senior Security Engineer, Security Operations- Moveworks

Requirements and responsibilities

Readable role content extracted into sections for faster review.

Details

  • E2E IR Automation: Design and implement end-to-end automation for the IR lifecycle (Detection -> Triage -> Containment -> Recovery).
  • Detection Engineering: Build and tune high-fidelity detections in our SIEM, EDR, and AI SOC platforms
  • AI-Driven Ops: Leverage LLMs, Prompt Engineering, and MCP (Model Context Protocol) servers to build "Agentic" security workflows that scale our defensive capabilities.
  • Purple Teaming: Detect and disrupt our internal red team. You will work closely with the Red team to detect their attacks, disrupt their attack path, and close vulnerabilities.
  • Validate the Defense: Don’t just build it—prove it works. Design and execute automated tests to validate that our detections and playbooks actually fire when they should.
  • Decide with Data: Be data driven, when faced with difficult or complex decisions, you quickly gather data to make informed decisions
  • Incident Response: Support active incidents as an incident responder, using each event as data to build better future automation.

To be successful in this role you have:

  • U.S. Citizenship required
  • The Mindset: You hate manual work. You see a repetitive task and immediately think about how to write a script or build an Agent to do it for you.
  • Technical Foundation: 1–5 years of experience in Security Operations or Security Engineering.
  • Automation Fluency: Proficiency in Python. You should be comfortable working with APIs, webhooks, and version control systems (Git).
  • AI Native: You don't just use ChatGPT; you understand Prompt Engineering, how to connect MCP servers, and how to integrate LLMs into technical workflows.
  • Cloud Proficiency: Hands-on experience with AWS (IAM, CloudTrail, GuardDuty). Experience with Kubernetes (EKS) is a major plus.
  • FedRAMP Readiness: While you are an engineer first, you have the soft skills to interpret control frameworks while understanding how to generate and present evidence to ensure we are in compliance.
Similar roles

Keep a backup shortlist.

Browse stack
FocusSecurity EngineeringRole area
Seniority signalSeniorCandidate level
StackAWS, Kubernetes, PythonPrimary skills
Location1 accepted countryEligibility

Stack

Use these tags to compare similar remote roles.

Location eligibility

Candidates should apply only when their profile country is listed here.

Your profileCountry not setSign in to check your country against this role.

Hiring flow

WithMira shows the role, then sends candidates to the company application.

1Check role fit, stack, and location eligibility in WithMira.
2Open the company application page from the tracked apply link.
3Save the role or subscribe for similar opportunities before leaving.
Apply on company siteCompany siteOpen link