Senior Information Security Analyst

ServiceNow

📍Remote - United States

Summary

Join ServiceNow's Security Organization (SSO) and contribute to delivering world-class security solutions. This role involves supporting the US Federal compliance program, monitoring security tools and systems, and assisting with the deployment and integration of new security solutions. You will utilize engineering, security, and privacy skills to monitor controls, issues, and risk posture, and determine relationships between events through deductive reasoning. Responsibilities include performing gap analyses, assisting in documentation development, participating in third-party audits, and staying current with FedRAMP and DoD requirements. The position requires a background check and is open only to US citizens, naturalized citizens, or permanent residents.

Requirements

  • Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI’s potential impact on the function or industry
  • 5+ years of experience with RMF, FedRAMP, NIST 800-53, and DISA SRG
  • Background working with data logging applications (e.g., Splunk)
  • Knowledge of vulnerability scanning tools (e.g., Prisma, Trivy, & Tenable)
  • A defensive security mindset
  • Experience documenting processes and standard operating procedures
  • Strong organizational skills, attention to detail, and ability to multitask
  • Ability to understand the intent of cloud assurance requirements to provide effective and meaningful analysis
  • Experience successfully working with cross-functional teams to identify requirements, draft control narratives, identify limitations, and engineer new solutions for cloud security controls challenges
  • Be able to work effectively with other members of our organization to drive results, including remote teams
  • Excellent verbal and written communication skills

Responsibilities

  • Work with a team of exceptional assurance engineers supporting our US Federal compliance program
  • Monitor the security tools and systems that defend ServiceNow's production and corporate environment
  • You may be called upon to assist with the deployment, integration, and initial configuration of new security solutions or enhancements to existing security solutions, including network and systems, to improve overall platform security
  • Utilize a combination of engineering, security, and privacy skills to monitor ServiceNow’s controls, issues, and risk posture
  • Determine relationships between seemingly unrelated events through deductive reasoning
  • Come up with ways to do things faster, better, and more effectively
  • Respond to prospect and customer questions related to security compliance
  • Perform activities to help measure and monitor compliance with FedRAMP and DISA SRG IL4/5 requirements, as well as ServiceNow internal policies and procedures
  • Manage projects and cyber risk and remediation activities across various teams within the organization and for existing/new system infrastructures and architectures
  • Performs gap analyses of current-state cloud environments against future compliance regulations
  • Assists in the development of ServiceNow security documentation
  • Participates in third-party audits for our US Federal environments, including coordinating subject matter expert interviews, gathering audit evidence, and facilitating audit sessions
  • Stays current with the latest FedRAMP and DoD IL4/IL5 requirements
  • Assists in the analysis and definition of security requirements
  • Facilitates audit preparation activities for US Federal Significant Change Requests
  • Identifies strategies to streamline external audit activities
  • Perform significant change request analyses and communicate technical details of changes to the government

Preferred Qualifications

  • Automation knowledge (Python, bash scripting) and experience hardening Linux, Windows, or Mac systems is a plus
  • Prior experience working in a Security and Compliance group at a SaaS/Cloud company or with security, governance, risk, and compliance preferred
  • GSEC, GCIH, CEH, GCIA, or CISSP certifications are a plus
