Staff Public Cloud Security Enginee...

Join ServiceNow's Security Engineering Organization, reporting to the Senior Manager of Cloud Security Engineering. We build state-of-the-art technology to mitigate risks to sensitive company assets with minimal operational impact. We guide and facilitate security operations teams, shifting security's perception from a blocker to an enabler by fostering trust.

The ServiceNow Security Organization is responsible for cybersecurity and IT compliance. We protect our network, data, and customer data, ensuring compliance with the highest industry standards and meeting customer cybersecurity requirements to facilitate business growth. We deliver world-class security solutions to reduce risk and protect the company and our customers, enabling them to migrate sensitive data and workloads to the cloud, positioning us as a trusted SaaS provider and creating a proud work environment.

What you will do:

• Build and operationalize cloud security tools.
• Identify security improvements through assessment, trend evaluation, and proof-of-concept experimentation.
• Create and present functional and technical designs, including data analysis, to business teams, and gather feedback to influence solutions.
• Lead and influence multi-disciplinary teams (Vulnerability Management, Incident Response, Application Security, Security Architecture) in implementing and operating cybersecurity controls.
• Participate in security incidents, assisting with containment and eradication efforts.
• Evaluate and act upon audit findings.
• Serve as an expert for cloud (AWS, Azure, GCP) and security tools.
• Act as a guide and facilitator for security operations.
• Build strong relationships with stakeholders and collaborate effectively in a team environment.
• Shape the organization's security policies and standards for cloud environments.
• Translate security and technical requirements into business requirements and communicate security risks to various stakeholders.
• Ensure timely project delivery aligned with established roadmaps, working closely with business teams.
• Collaborate with product management and engineering on roadmaps and product feedback.
• Mentor and train peers on cloud and AI trends.
• Evaluate, integrate, and manage AI-based tools to enhance detection, response, and automation in cloud environments.
• Research and prototype AI/ML applications in security, such as anomaly detection, behavioral analytics, and predictive threat modeling.
• Create and maintain detailed documentation, runbooks, and knowledge articles for cloud security practices.

Qualifications:

• Experience leveraging or critically thinking about AI integration in work processes, decision-making, or problem-solving.
• A Computer Science/Engineering degree with 8+ years of proven, related experience.
• Experience with Python, Bash/Shell Scripting, and/or JavaScript/TypeScript.
• Terraform experience is preferred.
• Experience with infrastructure templating tools like AWS CloudFormation and equivalents.
• Experience with containerization on Cloud, AKS, or EKS (Dedicated/Managed/Serverless Kubernetes).
• Experience implementing cloud-native security tools like AWS GuardDuty or Azure Security Center.
• Experience implementing Cloud Security Posture Management toolsets.
• Practical knowledge of AWS or Azure foundational services (compute, network, storage, content delivery, administration, security, deployment, management, automation).
• Adept understanding and experience with systems automation platforms and technologies.
• Experience executing security architectures for cloud/hybrid systems.
• Ability to automate security controls, data, and processes for improved metrics and operational support.
• Proficiency in using cloud-based APIs for network/system level security tools.
• Ability to identify and implement new security technologies and best practices in cloud offerings.
• Strong working knowledge of system internals and networking.
• Strong familiarity with Linux, Windows operating systems, and cloud provider ecosystems (AWS/Azure/GCP).
• Ability to integrate Infrastructure pipelines with secure configuration parameters.
• Familiarity with common security vulnerabilities and their business impact.
• Keen analytical mind for problem-solving, abstract thought, and offensive security tactics.
• Proven experience as an effective team player.
• Driven by automation and continuous improvement.
• Ability to articulate complex issues to executives and customers.