Senior Staff Product Security Engineer

ServiceNow

📍 Remote - India

Summary

Join ServiceNow's Security Research team as a Sr Staff Product Security Engineer and ensure ServiceNow clients have the means to secure their instances. You will be responsible for security auditing of the ServiceNow product stack, researching nuances of securing SaaS platforms, and working with product engineering teams. This role requires in-depth knowledge of application auditing, including secure code review, debugging, dynamic web application analysis, and threat modeling. You will also participate in instance hardening management activities, create security recommendations, and maintain strategic relationships. The ideal candidate possesses 12+ years of product security experience, 5+ years in software security auditing, and 3+ years in threat modeling. A background in software security auditing, computer security, and statistical methods is essential. Developer-level proficiency in Python, Java, and JavaScript is required.

Requirements

  • Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI's potential impact on the function or industry
  • 12+ years of overall product security experience is required
  • A passion for security and problem solving
  • Background in software security auditing, computer security, and statistical methods
  • 3+ years of experience with ServiceNow Platform internals
  • 5+ years of experience performing software security auditing including code review, thick app analysis, and black-box web application testing
  • 3+ years of experience performing threat modeling for software products
  • Familiarity with NIST 800-53 and similar controls frameworks
  • Developer level proficiency in Python, Java, and JavaScript, including modern client-side JavaScript frameworks
  • Degree in computer science / engineering, informatics, mathematics/statistics, or equivalent work experience

Responsibilities

  • Work with diverse business and technology owners
  • Participate in instance hardening management activities, including reviewing new product settings to build security recommendations and documenting these settings so that ServiceNow instance owners can ensure the highest level of security for their instances
  • Maintain the set of hardening settings to ensure their relevance and accuracy
  • Perform security audits to discover, communicate, and recommend remediation activities for vulnerabilities
  • Work with engineering teams on platform roadmap planning
  • Create and maintain strategic relationships

Preferred Qualifications

  • Experience writing static code analysis rules a plus
  • Experience with Python data science and machine learning frameworks a plus
  • Network and system security engineering skills a plus
  • Offensive Security OSWE and/or OSCP certification(s) a plus
