Junior Security Incident Commander

ServiceNow

📍Remote - United States

Summary

Join ServiceNow’s Security Incident Command (SIC) team as a Junior Security Incident Commander and support the orchestration of incident response strategy and communications during critical information security-related incidents. This role involves assisting with the orchestration of response and remediation for high-criticality security events, taking ownership of low to moderate severity incidents, and establishing documentation surrounding protocols and procedures. You will also help prepare communications for stakeholders, conduct rapid response and investigations, partner with team members globally, assist with scenario-based exercises, maintain and develop playbooks, contribute to Post-Incident Reviews (PIRs) and Root Cause Analyses (RCAs), and identify ways to improve the major security incident process. The SIC team maintains and executes the Major Security Incidents (MSI) lifecycle, including preparation, response, and recovery. This position requires experience in incident response and leading complex security incidents.

Requirements

  • Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI’s potential impact on the function or industry
  • 2 or more years of experience in incident response
  • Experience leading or supporting complex security incidents to resolution end-to-end
  • Excellent verbal and written communication skills (English)
  • Comfort communicating complex topics in a clear and concise manner to different tiers of audiences (highly technical, less technical, executives, practitioners)
  • Problem-solving and decision-making skills
  • Ability to quickly and accurately assess a situation, identify and prioritize risks, and make sound decisions
  • Familiarity with cybersecurity principles and frameworks (e.g. MITRE ATT&CK)

Responsibilities

  • Assist with orchestrating response and remediation for the highest-criticality security events
  • Take ownership and lead response to low to moderate severity incidents
  • Establish and mature documentation surrounding protocols and procedures governing the security incident command team
  • Help prepare and deliver communications, including executive summaries and incident briefings, to key stakeholders during and after incident response
  • Conduct rapid response, mitigation, and investigations on the highest priority cases impacting ServiceNow and user data
  • Partner with team members across multiple regions to drive response and investigations globally
  • Assist with the organization and conduct of scenario-based exercises to test and improve incident management and response strategies
  • Assist with maintaining existing playbooks and procedures, as well as developing new ones, to further standardize SIC and its partners' responses when verifying MSIs
  • Contribute to the organization and conduct of Post-Incident Reviews (PIRs) and Root Cause Analyses (RCAs) following major security incidents
  • Assist in identifying new ways to simplify, integrate, automate and refine the major security incident process to better support internal and external stakeholders

Preferred Qualifications

  • Knowledge across multiple security domains is a plus
  • Experience planning and/or orchestrating tabletop exercises is a plus
