Security Operations Engineer at Moveworks (Peninsula)
We are looking for a passionate Security Operations Engineer to join our team. As a member of the Security team, you will be responsible for building and driving strategic and tactical security initiatives to protect and secure the Moveworks Platform, its infrastructure and all its data. As Moveworks grows fast, the Security team is tasked with protecting, designing, securing and operating a trustworthy production and corporate environment.
Protecting the data of Moveworks and its users is essential to maintaining the trust of its customers. Building and maintaining our SOC is critical to meeting our obligations to Moveworks, its customers and its users. An effective Security program improves the security posture of Moveworks through strategic security initiatives, innovative technical controls, well-defined processes, effective cross-functional collaboration, and efficient project execution.
We’re building a team that indexes on moving fast, solving challenging product/engineering problems and providing value to our customers. To be successful, you'll be partnering with every single organization within Moveworks. This includes Engineering (infrastructure, machine learning, search, data, etc.), Sales, Marketing, Product, and Legal teams to identify risks and find creative solutions to mitigate and reduce those risks. This is an opportunity to play an integral role at the fastest-growing AI startup in its space.
Who we are:
Moveworks is revolutionizing how companies support their employees — with the first AI platform that makes getting help at work effortless. Using advanced conversational AI built for the enterprise, Moveworks gives employees exactly what they need, from IT support to HR help to policy information. Our platform allows customers like DocuSign, Twitter, Snowflake, Instacart, Coca Cola, and Hearst to move forward on what matters.
Founded in 2016, Moveworks has raised $315 million in funding, at a valuation of $2.1 billion. We’ve been named to the Forbes AI 50 list for three consecutive years, while earning recognition as the Best Chatbot Solution at the 2021 AI Breakthrough Awards. Above all, we’ve built an AI company that puts people first, which is why Built In named Moveworks the #1 Best Place to Work in the Bay Area.
Come join one of the fastest-growing teams on the planet!
What you’ll do:
- Participate in incident management calls and coordinate response, triage, recovery, and reporting of incidents.
- Monthly and quarterly incident analysis and stats reporting
- Ongoing maintenance and improvement/tuning of the detection signals
- Work closely with the Detection and Threat Engineers to detect and respond to alerts, and provide timely response to security incidents
- Participate in incident response activities (including tabletop exercises) to verify existing playbooks and procedures and identify opportunities for improvement
- Triaging, assessing, and analyzing phishing and malware incidents
- Continuous monitoring, tuning, hardening and improvement of the existing security rules and policies
- Keeping existing runbooks up to date and creating new runbooks to improve processes/coverage
- Analyze security data and report on threats and incidents across various platforms and environments
- Monitor and analyze emerging threats, vulnerabilities and exploits.
- Provide security monitoring and incident response services supporting the mission to protect Moveworks
- Security process improvement
- 4+ years of industry experience
- 4+ years work experience in reviewing or coding in Python, Golang, Java, and/or C++
- Excellent understanding and experience in multiple security domains such as intrusion detection, incident response, malware analysis, application security, and forensics.
- Experience detecting abuse and large-scale attacks in a diverse environment.
- Experience in cloud environments (AWS preferred) and Linux containers and orchestration systems (Kubernetes preferred)
- Basic understanding of security automation (SOAR) principles. As a bonus, the ability to create/modify scripts to automate repetitive tasks to free up time to focus on more interesting detections/alerts
- Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and law enforcement throughout the incident lifecycle.
- Solid experience and the ability to analyze network traffic, endpoint indicators, and IOCs. Ability to combine/search/correlate various log sources to identify potential threats, assess the potential damage, and recommend countermeasures
Familiarity with the following detection-related disciplines with deep experience in one or more:
- Large-scale analysis of log data using tools such as PAN XSOAR, PAN XDR, Splunk, ELK
- File system, memory, or live response on Windows, MacOS and/or Linux.
- Analysis of network traffic from intrusion detection systems and flow monitoring systems.
- Host-level detection with tools such as auditd, osquery, Sysmon
- Palo Alto Networks stack including: Firewalls, Cortex XDR, Prisma, GlobalProtect and XSOAR
- Experience with Splunk is a bonus
- Security certifications (e.g. Security+, CISSP, CEH, SANS) are also a plus