Sr Product Security Engineer, SSDL

ServiceNow is seeking a Senior Product Security Engineer to join the Secure Software Development Lifecycle (SSDL) team. The role involves working with developers to build secure and resilient software, participating in threat modeling, and mentoring security champions. This position focuses on improving security metrics, managing security programs, and advocating for security.

Requirements

• Experience in leveraging or critically thinking about how to integrate AI into work processes.
• 4+ years of experience in software security (AppSec).
• 1+ years of experience in threat modeling software applications and services.
• Proficient in threat modeling methodologies such as STRIDE or PASTA.
• In-depth knowledge of common web application vulnerabilities (OWASP Top 10).
• Developer-level proficiency in one or more languages - Python, Java, JavaScript, and Golang.
• Knowledge in authentication and authorization standards including OAuth, OIDC, SAML, JWT, and PASETO.
• Knowledge of symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functions.
• Knowledge of cloud native technologies including containers, Kubernetes, and AWS, GCP, and Azure.
• Knowledge of static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools.
• Knowledge of OWASP ASVS, SCVS, and related verification standards.
• Ability to work collaboratively in a highly distributed team.
• Ability to communicate technical concepts to business stakeholders.
• Passion for security

Benefits

• Competitive salary
• Equity
• Health insurance