Remote Sr Staff Product Security Engineer

Description:

• The Sr Staff Product Security Engineer position at ServiceNow involves working on a wide range of technologies.
• Responsibilities include integrating and aggregating data from different systems into consolidated dashboards.
• The role also entails working on architectural and technical challenges, participating in threat modeling activities, and mentoring development teams to adopt secure coding practices.
• The engineer will work on strategic and highly visible BSIMM activities across the organization and be an advocate for security.
• Additionally, they will create, measure, and refine metrics used to measure program success.

Requirements:

• 10+ years of overall product security experience is required for this role.
• Candidates must have 4+ years of experience in threat modeling and threat modeling tools.
• In-depth knowledge of common web application vulnerabilities (OWASP Top Ten) is necessary.
• Proficiency in at least one language - Python, Java, or JavaScript is required.
• Knowledge of static, dynamic, and component analysis security tools is essential.
• Familiarity with the Software Development Lifecycle (SDLC) is a requirement.
• Understanding of OWASP ASVS, SCVS, and related verification standards is mandatory.
• Knowledge of BSIMM, OWASP SAMM, or similar maturity models is necessary.
• The ability to communicate technical concepts to both non-technical business users and technical stakeholders is a must.
• A passion for security is a key requirement for this position.

Benefits:

• The opportunity to work with cutting-edge technologies and tackle architectural and technical challenges.
• Collaboration with development teams to enhance secure coding practices.
• Involvement in strategic and highly visible BSIMM activities across the organization.
• Advocacy for security and participation in a security champions program.
• The chance to create, measure, and refine metrics used to evaluate program success.