We are looking for a passionate DevSecOps engineer to join our team. As a DevSecOps Engineer, you will play a critical role in ensuring the security of our software development processes and infrastructure including FedRAMP compliant environment. Your expertise in both development and security will contribute to the successful delivery of high-quality, secure AI solutions to our customers.
We’re building a team that indexes on moving fast, solving challenging engineering problems and providing value to our customers. To be successful, you'll be partnering with infrastructure, security, machine learning, search, and data teams to identify their DevOps and security needs and implement solutions. This is an opportunity to play an integral role at the fastest-growing AI company in its space.
Who we are:
Moveworks is on a mission to make language the universal UI. We give enterprises a conversational interface that works across every system — from Microsoft to Workday to Salesforce. Powered by GPT-class machine learning models, the Moveworks platform learns the unique language of each organization to solve thousands of use cases. Brands like Databricks, Broadcom, DocuSign, and Palo Alto Networks leverage Moveworks’ proprietary enterprise data, out-of-the-box solutions, and intuitive developer tools to bring conversational automation to all aspects of their business.
Founded in 2016, Moveworks has raised $315 million in funding, at a valuation of $2.1 billion. We’ve been named to the Forbes AI 50 list for five consecutive years while earning recognition as the winner of the 2023 Edison Awards for AI Optimized Productivity, and as the Best Bot Solution at the 2022 AI Breakthrough Awards.
Moveworks has over 500 employees in six offices around the world, and is backed by some of the world's most prominent investors, including Kleiner Perkins, Lightspeed, Bain Capital Ventures, Sapphire Ventures, Iconiq, and more.
Come join one of the most innovative teams on the planet!
What you’ll do:
- Secure Infrastructure: Design, implement, and maintain secure infrastructure and environments (such as FedRAMP compliant environment) consisting of applications, containers, virtual machines and cloud infrastructure.
- Vulnerability Management: Collaborate with teams to remediate and mitigate identified vulnerabilities. Also, work with the security team to assess vulnerabilities as well as identify potential security risks and weaknesses in the system.
- Security Automation: Develop and maintain security automation tools and scripts to streamline security processes and patch management as well as ensure consistent application of security controls across deployment pipelines and infrastructure.
- Incident Response: Respond to security incidents promptly, perform root cause analysis, and implement measures to prevent future occurrences.
- Security Audits and Compliance: Assist in security audits and compliance assessments to ensure adherence to industry standards and regulations. Collaborate with internal and external auditors to address any security-related findings.
- Collaboration and Documentation: Work closely with developers and security teams to identify security requirements and implement appropriate solutions. Maintain clear and comprehensive documentation of security practices, standards, and procedures.
What you bring to the table:
- Bachelor's degree in computer science, information security, or a related field.
- 2+ years of experience as DevSecOps / DevOps engineer with exp in security
- Good knowledge of software development processes and CI/CD pipelines.
- Proficiency in programming and scripting languages such as Python and Bash.
- Understanding of security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10).
- Familiarity with security tools and technologies such as static code analysis, vulnerability scanners, intrusion detection/prevention systems, and SIEM solutions.
- Experience with vulnerability management and automating processes for resolving vulnerabilities.
- Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and containerization technologies (e.g., Docker, Kubernetes).
- Experience with infrastructure-as-code tools (e.g., Terraform, CloudFormation). Knowledge of security frameworks and standards (e.g., ISO 27001, NIST, PCI DSS).
- An appetite for working at a startup pace on challenging problems with a high degree of ownership.