Staff Product Security Engineer

Job Description

About Digital Technology & The SSO

We're not yesterday's IT department, we're Digital Technology. The world around us keeps changing and so do we. We're redefining what it means to be IT with a mindset centered on transformation, experience, AI-driven automation, innovation, and growth.

We're all about delivering delightful, secure customer and employee experiences that accelerate ServiceNow's journey to become the defining enterprise software company of the 21st century. And we love co-creating, using, and highlighting our own products to do it.

Ultimately, we strive to make the world work better for our employees and customers when you work in ServiceNow Digital Technology, you work for them.

The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact

What you get to do in this role

Perform and support security assessments against most modern product features.

Support code reviews across a mixed language codebase.

Participate and lead the security research initiative.

Manage security integration into the SDLC at ServiceNow.

Partner with developer team and architects to design, implement and improve application security solutions.

Share experience with authentication and authorization models, modern mobile security methodologies, applied cryptography, and secure-by-design development practices.

Advocate security awareness and teach secure behavior and methods.

Implement best-practice security procedures, standards, and guidelines in the application space.

Work on strategic and highly visible BSIMM activities across the organization.

Assist in compliance activities such as external audits from customers, regulatory compliance projects, and overall information security reviews.

Develop tools that make it easier to ship secure code and harder to ship insecure code.

Lead "shift-left" initiatives and scale AppSec efforts across the development organizations.