Senior Application Security Engineer

Summary

Join ServiceNow's Global Security Support Center Application Security team as a Senior Application Security Engineer. You will investigate and remediate application security vulnerabilities in ServiceNow products, collaborating with customers, researchers, and developers. This critical role requires expertise in web application security, strong analytical and communication skills, and proficiency in programming languages. The position necessitates a background check and US citizenship or permanent residency. Success in this role demands a strong understanding of web application security assessment techniques and excellent collaboration skills. ServiceNow offers a flexible work environment and is an equal opportunity employer.

Requirements

• Pass a ServiceNow background screening, USFedPASS (US Federal Personnel Authorization Screening Standards)
• Be a US citizen, US naturalized citizen or US Permanent Resident holding a green card
• Have 4+ years of working in Cyber Security or adjacent role(s)
• Have 3+ years of ServiceNow experience
• Possess in-depth knowledge of common web application vulnerabilities (OWASP Top Ten)
• Have developer level proficiency in at least one language - Python, Java, or JavaScript
• Have a bachelor's degree in computer Science or equivalent project/work experience
• Have a strong understanding of web (or mobile) application security assessment techniques
• Possess excellent communication skills and can articulate complex issues to peers, executives, and customers
• Possess strong interpersonal skills
• Have the ability to perform and excel with little supervision; be self-motivated and driven
• Possess excellent collaboration skills; have the ability to foster and feed off coworkers
• Have a Win As a Team attitude; be a great team player
• Have a passion for security

Responsibilities

• Investigate ServiceNow's products to discover, communicate, and recommend remediation activities for software vulnerabilities
• Help customers improve the security posture of their environments, prepare to pentest their environment, and deal with respective regulatory requirements
• Review, test, and confirm security findings reported by customers and ensure they fully understand the finding outcomes
• Report problems based on confirmed security findings
• Contribute to architecting roadmaps for ServiceNow's Customer Penetration Testing & Security Finding program
• Aide in development efforts by testing the proposed solutions for confirmed vulnerabilities within the ServiceNow platform

Preferred Qualifications

• Possess ServiceNow's "Certified System Administrator" certification
• Possess Offensive Security OSWE and/or OSCP certification(s)

Benefits

• Flexible work environment
• Remote work options