Product Security Engineer

Summary

Join ServiceNow's Application Security Team as an engineer responsible for identifying security vulnerabilities within the platform. You will collaborate with external researchers and customers conducting security assessments, utilize dynamic security testing tools, and advocate for security best practices. A key aspect of this role involves reporting issues to application owners, providing remediation recommendations, and validating resolution. The position requires experience in web security, familiarity with OWASP, and expertise in various technologies. Successful candidates will possess strong communication skills and a proven ability to articulate complex issues to both executives and customers.

Requirements

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI's potential impact on the function or industry
• 2+ years prior experience in web security/strong familiarity with OWASP and expertise in Docker, Kubernetes, AWS, security scanning, and deployment tools like Jenkins within infrastructure environments
• Understanding of information security
• Previously managed a bug bounty or responsible disclosure program
• Strong understanding of web and mobile application security assessment techniques
• Ability to articulate complex issues to executives and customers

Responsibilities

• Identify security vulnerabilities within our platform
• Interface with external researchers and customers that perform security assessments against ServiceNow
• Run dynamic security testing tools, plan projects, and be a security advocate
• Effectively report issues to application owners, provide meaningful remediation recommendations, and validate that issues have been resolved

Preferred Qualifications

• Experience working with the ServiceNow Platform
• Security certifications