This job post is closed and the position is probably filled. Please do not apply.
🤖 Automatically closed by a robot after apply link was detected as broken.
Description:
The Senior Staff Product Security Engineer will collaborate with developers and software architects to build secure and resilient software.
This role involves threat modeling software products and services to identify potential risks and participating in architectural reviews of products in development.
A key responsibility is to ensure the success of a large and growing security champions program by mentoring security champions and assisting them in secure software design.
The engineer will work on a wide range of technologies and complex architectural and technical challenges.
Participation in threat modeling activities and mentoring development teams to adopt secure coding practices is expected.
The role includes working on strategic and highly visible security activities across the organization and advocating for security within the security champions program.
Requirements:
Candidates must have 10+ years of experience in software security (AppSec).
6+ years of experience in threat modeling software applications and services is required.
Expert-level knowledge in threat modeling methodologies such as STRIDE or PASTA is essential, along with their application in fast-moving, iterative development lifecycles.
Candidates should possess expert-level knowledge of common web application vulnerabilities, specifically the OWASP Top 10.
Developer-level proficiency in one or more programming languages, preferably Python, Java, JavaScript, or Golang, is necessary.
A working knowledge of Machine Learning and taxonomies like BIML that categorize known attacks on machine learning models is required.
In-depth knowledge of software design patterns and their security considerations is essential.
Expertise in authentication and authorization standards including OAuth, OIDC, SAML, JWT, and PASETO is needed.
Knowledge of symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functions is required.
Familiarity with cloud-native technologies including containers, Kubernetes, and services provided by AWS, GCP, and Azure is necessary.
Knowledge of static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools is required.
Candidates should be knowledgeable about OWASP ASVS, SCVS, and related verification standards.
The ability to work collaboratively in a highly distributed team and communicate technical concepts to business stakeholders is essential.
A passion for security is a must.
Benefits:
ServiceNow offers a flexible work environment, allowing employees to work remotely or in a flexible capacity.
The company is committed to creating an inclusive environment where all voices are heard, valued, and respected.
Employees are encouraged to apply even if they do not meet all qualifications, promoting a diverse range of candidates.
ServiceNow is recognized as one of the FORTUNE 100 Best Companies to Work For® and World's Most Admired Companies™, reflecting a positive workplace culture.
The company provides opportunities for professional growth and development within a supportive team environment.