Remote Sr Product Security Engineer, SSDL

at ServiceNow

Posted 3 weeks ago

Description:

  • The Senior Product Security Engineer will be part of the Secure Software Development Lifecycle (SSDL) team at ServiceNow, which focuses on improving the maturity of the security program.
  • This role involves collaborating with developers and software architects to build secure and resilient software.
  • Responsibilities include threat modeling software products and services to identify potential risks and participating in architectural reviews of products in development.
  • A significant aspect of the position is to ensure the success of a growing security champions program by mentoring security champions and assisting them in secure software design.
  • The engineer will work on a wide range of technologies and complex architectural and technical challenges.
  • The role includes participating in threat modeling activities, mentoring development teams to adopt secure coding practices, and advocating for security within the organization.

Requirements:

  • Candidates must have experience in leveraging AI for work processes, decision-making, or problem-solving, including using AI-powered tools and automating workflows.
  • A minimum of 4 years of experience in software security (AppSec) is required.
  • At least 1 year of experience in threat modeling software applications and services is necessary.
  • Proficiency in threat modeling methodologies such as STRIDE or PASTA and their application in fast-moving, iterative development lifecycles is essential.
  • In-depth knowledge of common web application vulnerabilities, specifically the OWASP Top 10, is required.
  • Developer-level proficiency in one or more programming languages, preferably Python, Java, JavaScript, or Golang, is needed.
  • Knowledge of authentication and authorization standards, including OAuth, OIDC, SAML, JWT, and PASETO, is required.
  • Familiarity with symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functions is necessary.
  • Knowledge of cloud-native technologies, including containers, Kubernetes, and services provided by AWS, GCP, and Azure, is essential.
  • Understanding of static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools is required.
  • Knowledge of OWASP ASVS, SCVS, and related verification standards is necessary.
  • Candidates must demonstrate the ability to work collaboratively in a highly distributed team and communicate technical concepts to business stakeholders.
  • A passion for security is essential for this role.

Benefits:

  • ServiceNow offers a flexible work environment, allowing for remote, flexible, or in-office work personas based on the nature of the job.
  • The company is committed to creating an accessible and inclusive experience for all candidates, providing accommodations as needed during the application process.
  • ServiceNow is an equal opportunity employer, ensuring that all qualified applicants receive consideration for employment without discrimination.
  • Employment is contingent upon obtaining any necessary export control approvals for positions requiring access to controlled technology.