Senior Product Security Engineer | Testing Team

at  Servicenow

Company Description
It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.
Job Description

WHAT YOU GET TO DO IN THIS ROLE:

• Conduct security assessments: perform thorough security assessments, including security testing, for ServiceNow products.
• Collaborate with development teams: work closely with product development teams to integrate security best practices into the development process.
• Manage vulnerabilities: Identify, document, and prioritize vulnerabilities, working with engineering teams to remediate issues effectively.
• Help and manage shift-left initiatives.
• Advocate security awareness and teach secure behavior and methods.
• Implement best-practice security procedures, standards and guidelines in the application space.
  Qualifications

IN ORDER TO BE SUCCESSFUL IN THIS ROLE, WE NEED SOMEONE WHO HAS:

• MUST HAVE 5+ years prior experience securing enterprise products.
• MUST HAVE 3+ years of experience in web application security including secure code reviews and security verification standards.
• MUST HAVE Proficiency in Java and JavaScript.
• Experience with scripting in Python or other relevant programming languages to automate security processes and analyze data.
• In-depth knowledge of common web application vulnerabilities (OWASP Top Ten).
• Strong understanding of web and mobile application security assessment techniques.
• Proficiency in using
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Or any tools to identify and remediate vulnerabilities.
• Familiarity with Software Composition Analysis (SCA) tools to manage open-source components and ensure compliance with licensing and security standards.
• Knowledge of the Security Development Lifecycle (SDLC).
• Exposure to threat modeling and threat modeling tools.
• Exceptional problem-solving skills with the ability to analyze complex security issues and recommend effective solutions.
• Proven ability to work collaboratively across teams, fostering strong relationships with engineering, product management, and other stakeholders.
• Ability to deliver technical reports and communicate technical concepts to both non-technical business users as well as technical stakeholders.
• Relevant certifications such as the Offensive Security Certified Professional (OSCP), Offensive Security Web Expert Certification (OSWE), or Certified Ethical Hacker (CEH) are a plus.
• A passion for security.