Senior Application Security Engineer

About the position

The ServiceNow Security Organization delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact. This critical position values integrity, quality, expertise, precision, communication, and efficiency and is looking for security professionals with developing to established security backgrounds and excellent communications. As a Senior Application Security Engineer on the Global Security Support Center Application Security team, you will be responsible for investigating reported application security vulnerabilities. In this role you will work with customers, external security researchers, and developers to understand & document reported vulnerabilities. Success in this role requires web application security knowledge, analytical debugging skills, strong communication skills, and strong programming language proficiency.

Responsibilities

• Investigate ServiceNow's products to discover, communicate, and recommend remediation activities for software vulnerabilities.
• Help customers improve the security posture of their environments, prepare to pentest their environment, and deal with respective regulatory requirements.
• Review, test, and confirm security findings reported by customers and ensure they fully understand the finding outcomes.
• Report problems based on confirmed security findings.
• Contribute to architecting roadmaps for ServiceNow's Customer Penetration Testing & Security Finding program.
• Aide in development efforts by testing the proposed solutions for confirmed vulnerabilities within the ServiceNow platform.

Requirements

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving.
• 4+ years of working in Cyber Security or adjacent role(s).
• 3+ years of ServiceNow experience; ServiceNow's 'Certified System Administrator' certification preferred.
• In-depth knowledge of common web application vulnerabilities (OWASP Top Ten).
• Developer level proficiency in at least one language - Python, Java, or JavaScript preferred.
• A bachelor's degree in computer Science or equivalent project/work experience.
• A strong understanding of web (or mobile) application security assessment techniques.
• Excellent communication skills and can articulate complex issues to peers, executives, and customers.
• Strong interpersonal skills.
• The ability to perform and excel with little supervision; self-motivated and driven.
• Excellent collaboration skills; the ability to foster and feed off coworkers.
• Win As a Team attitude; are a great team player.
• A passion for security.

Nice-to-haves

• Offensive Security OSWE and/or OSCP certification(s) a plus.