Staff Security Engineer, Security Operations Moveworks

ServiceNow


Job Location:

Mountain View, CA - USA

Monthly Salary: Not Disclosed
Posted on: 11 days ago
Vacancies: 1 Vacancy

Job Summary

The Moveworks Security team at ServiceNow is not looking for a traditional SOC analyst to watch a dashboard. We are looking for a Staff Agentic Security Engineer. Our ultimate goal is to automate the SOC out of existence through autonomous systems.

At the IC4 level, you will not just execute workflows; you will define the architectural framework for our AI-driven defense. You will treat the incident response lifecycle as an advanced engineering problem, experimenting with designing and orchestrating complex multi-agent frameworks and Model Context Protocol (MCP) systems that handle proactive threat hunting, triage, and remediation at machine speed. This is a role for a visionary engineer who wants to push the boundaries of what agentic AI can achieve in enterprise defense.

What you get to do in this role:

  • Building and AI Orchestration: Move beyond basic tool configuration to build, code, design, and research advanced framework-level approaches for chaining MCP servers and AI agents. You will optimize agentic networks for maximum performance, multi-step reasoning accuracy, and deterministic outcomes in high-stress security scenarios.

  • Proactive Threat Hunting Program: Architect and scale a proactive threat hunting program from scratch. You will leverage custom agents, MCP capabilities, and security tooling to proactively discover complex vulnerabilities, configuration drift, and hidden threats across the infrastructure network.

  • Advanced Purple Team Synergies: Forge a cutting-edge feedback loop between the Blue Team and our internally developed AI Red Team Agent. You will seamlessly bridge automated offense and defense, turning threat hunting insights into self-healing infrastructure.

  • Cross-Functional Influence & Leadership: Act as a strategic engineering partner across IT, Security Engineering, DevOps, DevSecOps, Compliance, Cloud, and Infrastructure teams to ensure corporate systems are natively automation-ready.

  • E2E IR Automation Architecture: Own the overarching engineering roadmap for the end-to-end incident response lifecycle (Detection, Triage, Containment, Recovery), replacing traditional SOAR workflows with resilient agentic orchestration.

  • Incident Commander Escalation: Serve as a high-tier technical escalation point for active, complex incidents. Use every incident as an adversarial data point to design superior automated immune responses.

  • Validate the Defense: Design, execute, and validate automated simulation testing to systematically prove that agentic workflows and detection pipelines trigger reliably against real-world attack behaviors.

     


Qualifications:

To be successful in this role, you have:

  • U.S. Citizenship Required: (Must meet strict compliance/FedRAMP criteria).

  • Experience: 8-10 years of experience in Security Operations, Systems Engineering, or DevSecOps (Minimum 5 years of highly relevant engineering experience required).

  • Cross-Functional Mastery: 3-5 years of proven track record working closely across multidisciplinary teams, including Cloud, Infrastructure, DevOps, DevSecOps, Compliance, and IT. Bonus points for direct collaboration experience with Product Security or Data Security teams.

  • AI & Agentic Fluency: Deep familiarity with modern LLM agent frameworks, including active research into their application, performance trade-offs, and behavioral guardrails. You know how to deeply integrate LLMs, orchestrate custom MCP servers, and build autonomous technical workflows.

  • Automation Engineering: High proficiency in Python and software engineering principles. You have extensive past experience with traditional workflow engines and legacy SOAR tooling, giving you the context needed to successfully replace them with AI-native alternatives.

  • Cloud & Infrastructure Depth: Strong hands-on architectural familiarity with AWS security ecosystems (IAM, CloudTrail, GuardDuty) and containerized environments (Kubernetes/EKS).

  • FedRAMP & Trust Awareness: While an engineer first, you possess the communication skills and security compliance maturity to translate framework controls into automated, code-driven evidence generation pipelines.

  • Team & Collaboration Dynamics: A high-autonomy, high-collaboration mindset. You thrive in a lean, elite, fast-moving team environment where you independently drive massive technical impact while mentoring and leveling up surrounding engineers.

     


Additional Information:

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact for assistance.

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.

From Fortune. 2025 Fortune Media IP Limited. All rights reserved. Used under license. 


Remote Work:

No


Employment Type:

Full-time


About Company


Learn here. Grow here. Make a difference here. At ServiceNow, our cloud-based platform and solutions deliver digital workflows that create great experiences and unlock productivity for employees and enterprises. We’re growing fast, innovating even faster, and making an impact on our c ...
