Staff Product Security Engineer

ServiceNow Logo

ServiceNow

πŸ“Remote - Israel

Summary

Join ServiceNow's Product Security team as a Staff Product Security Engineer and collaborate with developers and architects on secure software solutions. You will be responsible for threat modeling, participating in architectural reviews, and mentoring security champions. This role involves working on a wide range of technologies and complex challenges, advocating for security, and contributing to a highly visible security champions program. The ideal candidate possesses extensive experience in software security, threat modeling, and secure coding practices. A deep understanding of web application vulnerabilities and various security standards is essential. This position offers the opportunity to work on strategic security initiatives and make a significant impact on the organization.

Requirements

  • 6+ years of experience in software security (AppSec)
  • 3+ years of experience in threat modelling software applications and services
  • Proficient in threat modelling methodologies such as STRIDE or PASTA and their applied use in fast-moving, iterative development lifecycles
  • In-depth knowledge of common web application vulnerabilities (OWASP Top 10)
  • Developer-level proficiency in one or more languages - Python, Java, JavaScript, and Golang preferred
  • Working knowledge of Machine Learning and taxonomies such as BIML that categorise known attacks on machine learning models
  • In-depth knowledge of software design patterns and their security considerations
  • In-depth knowledge of authentication and authorisation standards, including OAuth, OIDC, SAML, JWT, and PASETO
  • Knowledge of symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functions

Responsibilities

  • Work on a wide range of technologies
  • Work on complex architectural and technical challenges
  • Participate in threat modelling activities
  • Mentor and collaborate with development teams to adopt secure coding practices
  • Work on strategic and highly visible security activities across the organisation
  • Be an advocate for security and participate in a security champions program

Remote

Cybersecurity

Mid-level

Share this job:

Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.

Similar Remote Jobs