Company Description
It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.
Job Description

WHAT YOU GET TO DO IN THIS ROLE:

• Work with a team of exceptional assurance engineers supporting our US Federal compliance program.
• Monitor the security tools and systems that defend ServiceNow’s production and corporate environment.
• You may be called upon to assist with the deployment, integration and initial configuration of new security solutions or enhancements to existing security solutions, including network, and systems to improve overall platform security.
• Utilize a combination of engineering, security, and privacy skills to monitor ServiceNow’s controls, issues, and risk posture.
• Determine relationships between seemingly unrelated events through deductive reasoning.
• Come up with ways to do things faster, better, and more effectively.
• Respond to prospect and customer questions related to security compliance.
• Perform activities to help measure and monitor compliance with FedRAMP and DISA SRG IL4/5 requirements, as well as ServiceNow internal policies and procedures.
• Successfully managed projects and cyber risk and remediation activities across various teams within the organization and for existing/new system infrastructures and architectures.

RESPONSIBILITIES:

• Performs gap analyses on current state cloud environments with future compliance regulations.
• Assists in the development of ServiceNow security documentation.
• Participates in third-party audits for our US Federal environments, including coordinating subject matter expert interviews, gathering audit evidence, and facilitating audit sessions.
• Stays current with the latest FedRAMP and DoD IL4/IL5 requirements.
• Assists in the analysis and definition of security requirements.
• Facilitates audit preparation activities for US Federal Significant Change Requests.
• Identifies strategies to streamline external audit activities.
• Perform significant change request analyses and communicate technical details of changes to the government.
  Qualifications

To be successful in this role:

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI’s potential impact on the function or industry.
• 5+ years of experience with RMF, FedRAMP, NIST 800-53, and DISA SRG.
• Automation knowledge (Python, bash scripting) and experience hardening Linux, Windows, or Mac systems is a plus.
• Background working with data logging applications (e.g., Splunk)
• Knowledge of vulnerability scanning tools (e.g., Prisma, Trivy, & Tenable)
• A defensive security mindset.
• Experience documenting processes and standard operating procedures.
• Strong organizational skills, attention to detail, and ability to multitask.
• Ability to understand the intent of cloud assurance requirements to provide effective and meaningful analysis.
• Experience successfully working with cross-functional teams to identify requirements, draft control narratives, identify limitations, and engineer new solutions for cloud security controls challenges.
• Be able to work effectively with other members of our organization to drive results, including remote teams.
• Excellent verbal and written communication skills.
• Prior experience working in a Security and Compliance group at a SaaS/Cloud company or with security, governance, risk, and compliance preferred.
• GSEC, GCIH, CEH, GCIA, or CISSP certifications are a plus.