Job Description
Full-time
Key Responsibilities
- Defensive Operations (SecOps): Design and automate the Security Incident Response (SIR) and Vulnerability Response (VR) lifecycles. Build playbooks in Flow Designer to automate threat containment and remediation.
- Offensive Operations: Develop custom scoped applications to track penetration testing results, manage red-team engagement lifecycles, and automate the ingestion of reconnaissance data.
- Compliance & GRC: Configure and customize Integrated Risk Management (IRM) modules to map technical controls to frameworks like SOC2, ISO 27001, HIPAA, and FedRAMP.
- Integrations & Orchestration: Build robust, secure integrations (REST/SOAP, IntegrationHub, MID Servers) with our XDR, SIEM (Splunk/Sentinel), and cloud-native services (AWS/Azure/GCP).
- Multi-Tenancy & MSSP Architecture: Architect a scalable, multi-tenant environment that ensures strict data isolation between clients while allowing for unified "ClickOps" and Terraform-driven automation.
- AI & Innovation: Explore and implement Now Assist (GenAI) and AI-heavy workflows to automate security reporting and incident summarization.
Required Technical Skills
- ServiceNow Core: 5+ years of hands-on development (JavaScript, Glide API, Script Includes, Business Rules, UI Actions, and ACLs).
- Security Modules: Expert knowledge of ServiceNow SecOps (SIR, VR, Threat Intel) and GRC/IRM.
- Architecture: Deep understanding of the Common Service Data Model (CSDM) and CMDB health in a cybersecurity context.
- Automation: Advanced proficiency in Flow Designer, IntegrationHub, and Orchestration.
- Security Fundamentals: Familiarity with the MITRE ATT&CK framework, CVSS scoring, and common attack vectors.
Preferred Qualifications
- Certifications:
  - ServiceNow Certified Application Developer (CAD).
  - Certified Implementation Specialist (CIS) in Security Operations or Risk & Compliance.
  - Security-centric certs like CISSP or CISA are a massive plus.
- Environment: Experience in Linux-heavy, open-source environments and building cloud-agnostic platforms.
- DevOps: Experience with OpenTofu/Terraform for infrastructure-as-code orchestration.
