About the position
As a Security Engineer at Moveworks, you will focus on securing our AI infrastructure, platform, and features. Reporting directly to the Head of Application Security, you will be responsible for designing, implementing and executing security solutions and practices that enable our engineering teams to build secure infrastructure and features at scale. We are working on cutting-edge solutions and safeguards so Large Language Models (LLMs) can be safely deployed in the enterprise. In this role to be successful, you will partner with machine learning, search, product, infrastructure, data, and full-stack teams to identify, define and build elegant security solutions. You'll drive design reviews and threat models, lead security code reviews and pentest efforts. You will also triage and address findings from SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) scans, as well as reports from our Bug Bounty program. This is an opportunity to play an integral role at the fastest-growing AI startup in its space.
Responsibilities
- Lead Security Reviews: Engage proactively in design discussions and data handling reviews to ensure security is integrated at every stage.
- Execute Penetration Testing: Carry out targeted penetration tests as part of security reviews for features deemed critical. Identify vulnerabilities and recommend strategies for risk mitigation. Develop and refine testing methodologies to effectively uncover and address security risks.
- Develop and Maintain AppSec Processes and Tools: Ensure our AppSec processes and CI/CD scanning tools are up-to-date and effective in identifying and mitigating vulnerabilities.
- Contribute to Application Security (AppSec) Program Enhancements: Play a key role in the continuous improvement of the Application Security program at Moveworks, focusing on effective security outcomes.
- Collaborate with Cross-Functional Teams: Partner with machine learning, search, product, infrastructure, data, and frontend teams to design secure solutions.
- Empower Teams on Security Matters: Enable teams to make informed security-related decisions.
Requirements
- 3+ years of experience in Application Security identifying security risks, developing mitigation plans, and implementing security features and solutions.
- 3+ years of experience in Penetration testing.
- 2+ years of experience with SAST, DAST, dependency scanning and vulnerability management tools like Snyk, GitHub Dependabot, Burp Suite.
- 2+ years of modern high-level programming language like Python, Golang or equivalent.
- Hands-on experience with cloud-native security best practices across AWS, GCP, and/or Azure.
- In-depth knowledge of application security, network security, authentication, authorization, identity systems, encryption, AI/LLM security and secure coding practices.
- BS+ in computer science or a related field, or equivalent relevant experience.
