Remote Senior Staff Product Security Engineer (SSDL)

This job is closed

This job post is closed and the position is probably filled. Please do not apply. Automatically closed by a robot after apply link was detected as broken.

Description:

  • As a Senior Staff Product Security Engineer on the ServiceNow SSDL team, you will collaborate with developers and software architects on highly technical solutions to build secure and resilient software.
  • You will be involved in threat modeling software products and services to identify potential risks and participate in architectural reviews of products in development.
  • A key responsibility is to ensure the success of a large and growing security champions program, mentoring security champions and assisting them in secure software design.
  • You will work on a wide range of technologies and complex architectural and technical challenges.
  • Your role will include participating in threat modeling activities and mentoring development teams to adopt secure coding practices.
  • You will engage in strategic and highly visible security activities across the organization and advocate for security within the security champions program.

Requirements:

  • You must have 10+ years of experience in software security (AppSec).
  • A minimum of 6+ years of experience in threat modeling software applications and services is required.
  • You should possess expert-level knowledge in threat modeling methodologies such as STRIDE or PASTA and their application in fast-moving, iterative development lifecycles.
  • You need to have expert-level knowledge of common web application vulnerabilities, specifically the OWASP Top 10.
  • Developer-level proficiency in one or more programming languages, preferably Python, Java, JavaScript, or Golang, is necessary.
  • A working knowledge of Machine Learning and taxonomies such as BIML that categorize known attacks on machine learning models is required.
  • In-depth knowledge of software design patterns and their security considerations is essential.
  • You should have expertise in authentication and authorization standards including OAuth, OIDC, SAML, JWT, and PASETO.
  • Knowledge of symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functions is required.
  • Familiarity with cloud-native technologies including containers, Kubernetes, and services provided by AWS, GCP, and Azure is necessary.
  • You should have knowledge of static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools.
  • Knowledge of OWASP ASVS, SCVS, and related verification standards is also required.
  • The ability to work collaboratively in a highly distributed team and communicate technical concepts to business stakeholders is essential.
  • A passion for security is a must.

Benefits:

  • ServiceNow offers a flexible work environment, allowing employees to work remotely or in a flexible capacity.
  • The company is committed to creating an inclusive environment where all voices are heard, valued, and respected.
  • Employees are encouraged to apply even if they do not meet all qualifications, promoting a diverse range of candidates.
  • ServiceNow is recognized as one of FORTUNE 100 Best Companies to Work For® and World's Most Admired Companies™, reflecting a positive workplace culture.
  • The organization supports employees in achieving their individual and collective dreams, fostering a collaborative and innovative atmosphere.