Remote Senior Staff Product Security Engineer (SSDL)

This job is closed

This job post is closed and the position is probably filled. Please do not apply. Automatically closed by a robot after apply link was detected as broken.

Description:

  • The Senior Staff Product Security Engineer will collaborate with developers and software architects to build secure and resilient software.
  • This role involves threat modeling software products and services to identify potential risks and participating in architectural reviews of products in development.
  • A key responsibility is to ensure the success of a large and growing security champions program by mentoring security champions and assisting them in secure software design.
  • The engineer will work on a wide range of technologies and complex architectural and technical challenges.
  • Participation in threat modeling activities and mentoring development teams to adopt secure coding practices is expected.
  • The role includes working on strategic and highly visible security activities across the organization and advocating for security within the security champions program.

Requirements:

  • Candidates must have 10+ years of experience in software security (AppSec).
  • 6+ years of experience in threat modeling software applications and services is required.
  • Expert-level knowledge in threat modeling methodologies such as STRIDE or PASTA and their application in fast-moving, iterative development lifecycles is essential.
  • Candidates should possess expert-level knowledge of common web application vulnerabilities, specifically the OWASP Top 10.
  • Developer-level proficiency in one or more programming languages, preferably Python, Java, JavaScript, or Golang, is necessary.
  • A working knowledge of Machine Learning and taxonomies such as BIML that categorize known attacks on machine learning models is required.
  • In-depth knowledge of software design patterns and their security considerations is essential.
  • Expertise in authentication and authorization standards including OAuth, OIDC, SAML, JWT, and PASETO is required.
  • Knowledge of symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functions is necessary.
  • Familiarity with cloud-native technologies including containers, Kubernetes, and services provided by AWS, GCP, and Azure is required.
  • Knowledge of static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools is essential.
  • Candidates should be knowledgeable about OWASP ASVS, SCVS, and related verification standards.
  • The ability to work collaboratively in a highly distributed team and communicate technical concepts to business stakeholders is necessary.
  • A passion for security is a must.

Benefits:

  • ServiceNow offers a flexible work environment, allowing employees to work remotely or in a flexible capacity.
  • The company is committed to creating an inclusive environment where all voices are heard, valued, and respected.
  • Employees are encouraged to apply even if they do not meet all qualifications, promoting a diverse range of candidates.
  • ServiceNow is recognized as one of the FORTUNE 100 Best Companies to Work For® and World's Most Admired Companies™, highlighting its commitment to employee satisfaction and company culture.