Senior Identity & Access Management Engineer - Moveworks

Company Description
Who we are
Moveworks is the Agentic AI Assistant platform that empowers the entire workforce.
Our platform enables employees to converse with all of their business systems through natural language to quickly find answers and automate tasks. Powered by the world's most advanced LLMs, our proprietary models, and a sophisticated Agentic AI platform, we're transforming how work gets done by allowing AI to take initiative, streamline complex workflows, and continuously learn and adapt.
Moveworks is trusted by over 5.5 million employees at more than 350 of the world's largest companies, including 10% of the Fortune 500, to automate everyday tasks and streamline business operations. Recognized on the Forbes Cloud 100 and AI 50 lists, Moveworks was also named one of Fast Company's 2025 Most Innovative Companies and Inc's Best in Business, in the Best in Innovation category. Moveworks was also recognized at Microsoft's 2025 Partner of the Year and in 2024, received the AI Breakthrough Award.
In December 2025, Moveworks was acquired by ServiceNow, marking a pivotal milestone in our journey to create a single front door to work for all business systems. By combining ServiceNow's leading workflow automation with Moveworks' Reasoning Engine and natural language capabilities, we deliver the AI platform for every person and every workflow. Built to go beyond basic summaries to deliver meaningful business impact. Together, our AI acts across enterprise systems to turn conversations into completed work.
By joining our team, you'll be at the forefront of the AI transformation, backed by the global scale of ServiceNow and the agility of a high-growth company. We are looking for world-class talent to help us extend agentic AI to every employee across every corner of the business.
Come join us!
ServiceNow
It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today - ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.
Job Description
The Role
Do you care deeply about secure access at scale? Making sure the right people have the right access, exactly when they need it, without slowing teams down? Join Moveworks and help shape the future of our identity and access strategy.
At Moveworks, we believe great security is an enabler, not a blocker. As a Senior Identity & Access Management Engineer, you'll be a hands-on technical developer, coding, designing, building, and scaling IAM solutions across cloud infrastructure, SaaS applications, and internal systems. You'll own the development of IAM initiatives end-to-end, from untangling ambiguous access challenges to architecting secure, automated solutions and driving them into production.
In this role, you'll develop robust access models across AWS, Azure, Kubernetes, and beyond; reduce privilege sprawl through thoughtful role design; and build strong observability through logging, metrics, and reporting in our SIEM. You'll modernize access reviews to deliver real security impact with minimal friction, continuously de-risk IAM threats, and partner closely with teams to drive adoption of secure-by-default patterns.
Your work will directly protect Moveworks' most critical systems while enabling our engineers to move fast, safely, and confidently.
What you get to do in this role:

• Be the technical developer to drive IAM application development: Code, design, and implement solutions with extensive knowledge in AWS, Azure, Teleport, and Terraform. Enabling robust and reliable solutions to keep our engineering teams active.
• Drive IAM projects end-to-end: Take ambiguous access problems, understand and have the ability to define requirements, architect solutions, and own the rollout/operationalization (not just the design).
• Develop with secure access models in mind: Continuously develop role design improvements and access assignment patterns across AWS, Kubernetes, SaaS apps, and internal systems to reduce unnecessary privileges, minimize manual grants, and create scalable "safe baseline" access that covers routine work without daily elevation.
• Develop on operationalizing logging and metrics: Ensure access changes are observable in our Security Information and Event Management (SIEM) tool; build repeatable reporting that surfaces risky access and drift.
• Run and improve user access reviews (UAR): Develop, execute and design a UAR process & solution that meets compliance requirements while improving real security signal-minimizing approver burden through scoping, automation, and clear decision support.
• Develop technology to continuously de-risk: Identify high-risk permissions and misuse paths, propose appropriate controls and mitigations, drive adoption with partner teams, and develop solutions to continuously de-risk.
• Operate with strong security judgment and high signal: Reliably distinguish meaningful IAM risk from noise, gather context efficiently, and escalate with crisp rationale and actionable mitigations.
• Document and standardize the paved road: Write lightweight procedures, runbooks, and automation so access decisions are consistent, scalable, and not dependent on tribal knowledge.

Qualifications
To be successful in this role you have:

• US Citizenship preferred
• Willingness to work onsite at our Mountain View or New York offices
• Experience: 5+ years of experience working in IAM, security engineering, or platform engineering with substantial IAM responsibilities in production environments.
• IAM Expertise: Strong grasp of IAM best practices and common failure modes (e.g., least privilege, privilege escalation paths, separation of duties, breakglass, auditability).
• Cloud Infrastructure IAM: Practical experience implementing and designing access control in AWS, Azure, GCP environments and partnering with teams who manage infrastructure at scale. Experience configuring IAM in Teleport, Terraform and Kubernetes environments is a plus.
• SSO Experience: Experience with Okta administration and patterns (e.g., groups, app assignments, lifecycle/provisioning), or equivalent experience with a similar SSO product.
• Threat-aware thinking: Ability to spot dangerous permissions and misuse paths (including insider-threat scenarios), assess risk, and identify suitable mitigations and controls.
• Automation-first mindset: Comfortable using scripting languages and AI coding tools to build reliable automation, and able to read/validate what the code is doing.
• Protocol fluency: Working understanding of OAuth, OIDC, SAML, and SCIM, including when to use which, failure modes, and common pitfalls.
• Collaboration: Proven ability to build long-lasting relationships with various technical teams, such as Engineering, Information Technology, Infrastructure, and DevOps teams.
• Educational Background: BS+ in computer science or a related field, or equivalent relevant experience.

Additional Information
Work Personas
We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.
Equal Opportunity Employer
ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.
Accommodations
We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance.
Export Control Regulations
For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.
From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.