Cybersecurity Incident Response Analyst
About The Position
The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact. This role is an opportunity to serve on the frontline of security operations, supporting both ServiceNow’s commercial customers and its federal environment. As a rapidly growing organization, ServiceNow offers strong opportunities for career growth while developing expertise across our commercial and federal environments and the ServiceNow platform itself. As an Information Security Analyst, you will be a key member of the team monitoring tools and systems that defend ServiceNow’s production and corporate environments, defining relationships between seemingly unrelated events through deductive reasoning, and continuously finding ways to do things faster, better, and more effectively — while maintaining a laser focus on quality. You will work on a geographically diverse team to respond to threats that may arise against our infrastructure and track cases to closure, working across functional teams.
Requirements
- Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving.
- 2+ years of related experience or equivalent combination of education and experience.
- Deep understanding of Security Operations Center and Security Incident Response Team protocols and procedures, including incident triage and escalation workflows.
- A solid foundation in networking fundamentals, with a deep understanding of TCP/IP and other core protocols.
- Experience with SIEM platforms (e.g., Splunk,) for log analysis and detection tuning.
- Familiarity with EDR tools for endpoint detection and response.
- Exposure to SOAR platforms for workflow automation and incident orchestration.
- Knowledge of cloud security concepts and experience working in cloud environments (AWS, Azure, or GCP).
- The ability to analyze event and system logs, perform forensic analysis, analyze malware, and process other incident response-related data as needed.
- Familiarity with intrusion detection systems.
- Understanding of Windows and Linux operating systems and command-line tools.
- Familiarity with scripting in any language.
- US citizen, US naturalized citizen or US Permanent Resident, holding a green card.
Nice To Haves
- Any cybersecurity or network related certifications (ex: CCNA, CompTIA, GSEC, GCIH, CEH certifications).
- ServiceNow platform knowledge is a plus.
Responsibilities
- Monitor tools and systems that defend ServiceNow’s production and corporate environments.
- Define relationships between seemingly unrelated events through deductive reasoning.
- Continuously find ways to do things faster, better, and more effectively while maintaining a laser focus on quality.
- Respond to threats that may arise against our infrastructure.
- Track cases to closure, working across functional teams.
- Participate in an on-call rotation including weekends to ensure that Security Operations can respond to priority incidents in a timely manner.
- Work weekend rotational shifts and hours outside of standard business hours if necessary.
Benefits
- Health plans
- Flexible spending accounts
- 401(k) Plan with company match
- ESPP
- Matching donations
- Flexible time away plan
- Family leave programs
- Full relocation costs are provided by ServiceNow
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
