Senior Application Security Engineer - Moveworks

ServiceNow•Mountain View, CA

13h•Remote

About The Position

Are you interested in being part of Application Security efforts at Moveworks? Do you enjoy collaborating closely with engineers to develop secure solutions from the ground up and ensure they remain robust over time? Are you passionate about learning and mitigating risks on LLM and Agentic AI solutions at scale? If so, we have the perfect opportunity for you. As a Security Engineer at Moveworks, you will focus on securing our AI infrastructure, platform, and features. Reporting directly to the Head of Application Security, you will be responsible for designing, implementing and executing security solutions and practices that enable our engineering teams to build secure infrastructure and features at scale. We are working on cutting-edge solutions and safeguards so Large Language Models (LLMs) can be safely deployed in the enterprise. In this role to be successful, you will partner with machine learning, search, product, infrastructure, data, and full-stack teams to identify, define and build elegant security solutions. You’ll drive design reviews and threat models, lead security code reviews and pentest efforts. You will also triage and address findings from SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) scans, as well as reports from our Bug Bounty program. This is an opportunity to play an integral role at the fastest-growing AI startup in its space.

Requirements

US citizenship required
5+ years of experience in Application Security identifying security risks, developing mitigation plans, and implementing security features and solutions.
3+ years of experience in Penetration testing.
2+ years of experience with SAST, DAST, dependency scanning and vulnerability management tools like Snyk, GitHub Dependabot, Burp Suite.
2+ years of modern high-level programming language like Python, Golang or equivalent.
Cloud Infrastructure: Hands-on experience with cloud-native security best practices across AWS, GCP, and/or Azure.
Technical Knowledge: In-depth knowledge of application security, network security, authentication, authorization, identity systems, encryption, AI/LLM security and secure coding practices.
Educational Background: BS+ in computer science or a related field, or equivalent relevant experience.

Responsibilities

Lead Security Reviews: Engage proactively in design discussions and data handling reviews to ensure security is integrated at every stage.
Execute Penetration Testing: Carry out targeted penetration tests as part of security reviews for features deemed critical. Identify vulnerabilities and recommend strategies for risk mitigation. Develop and refine testing methodologies to effectively uncover and address security risks.
Develop and Maintain AppSec Processes and Tools: Ensure our AppSec processes and CI/CD scanning tools are up-to-date and effective in identifying and mitigating vulnerabilities.
Contribute to Application Security (AppSec) Program Enhancements: Play a key role in the continuous improvement of the Application Security program at Moveworks, focusing on effective security outcomes.
Collaborate with Cross-Functional Teams: Partner with machine learning, search, product, infrastructure, data, and frontend teams to design secure solutions.
Empower Teams on Security Matters: Enable teams to make informed security-related decisions.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume