Sr Product Security Engineer, SSDL

Join ServiceNow's SSDL team as a Senior Product Security Engineer to help build secure and resilient software. Collaborate with developers and architects on technical solutions, threat model software products, and mentor security champions.

Requirements

• 4+ years of experience in software security (AppSec)
• 1+ years of experience in threat modeling software applications and services
• Proficient in threat modeling methodologies such as STRIDE or PASTA
• Developer-level proficiency in one or more languages (Python, Java, JavaScript, and Golang)
• Knowledge in authentication and authorization standards including OAuth, OIDC, SAML, JWT, and PASETO
• Knowledge of symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functions
• Knowledge of cloud native technologies including containers, Kubernetes, and services provided by AWS, GCP, and Azure
• Knowledge of static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools
• Knowledge of OWASP ASVS, SCVS, and related verification standards
• Ability to work collaboratively in a highly distributed team
• Ability to communicate technical concepts to business stakeholders
• A passion for security

Benefits

• Work on a wide range of technologies
• Work on complex architectural and technical challenges
• Participate in threat modeling activities
• Mentor and collaborate with development teams to adopt secure coding practices
• Work on strategic and highly visible security activities across the organization
• Be an advocate for security and participate in a security champions program