Lead Software Engineer - ServiceNow (Cybersecurity)

About The Position

Requirements

• Associate’s degree and a minimum of 7 years’ systems analysis and/or application development work experience or Bachelor's degree and a minimum of 5 years' systems analysis and/or application development work experience. In lieu of a degree, a combined minimum of 9 years’ education and/or relevant work experience, including a minimum of 5 years’ systems analysis and/or application development work experience
• Expert proficiency in at least one programming language and professional proficiency in at least one additional programming language, with hands-on experience in ServiceNow platform development (server-side and client-side scripting)
• Extensive experience developing and implementing ServiceNow SecOps solutions, including Security Incident Response (SIR), Vulnerability Response / Unified Security Exposure Management (USEM), and Service Catalog
• Proven experience designing and delivering complex security workflows, including incident triage, investigation, escalation, containment, remediation, and closure processes
• Strong understanding of cybersecurity concepts, including incident response lifecycle, vulnerability management, threat detection, and risk-based prioritization of issues
• Experience integrating ServiceNow with security tools (e.g., SIEM, vulnerability scanners, SOAR platforms) to support automated ingestion, enrichment, and response workflows
• Experience designing and implementing workflow-based solutions with approvals, SLAs, escalation paths, task orchestration, and lifecycle management
• Strong understanding of ServiceNow platform architecture, data model, and best practices for secure and scalable implementations
• Experience leading development efforts and guiding implementation of reusable, automated, and scalable security process solutions
• Experience with source control, CI/CD pipelines, and deployment processes aligned to SDLC and security/compliance requirements
• Strong ability to translate cybersecurity and business requirements into secure, scalable, and maintainable technical solutions
• Advanced troubleshooting and debugging skills within ServiceNow SecOps or similar security and workflow platforms

Nice To Haves

• Experience leading design and development of ServiceNow SecOps solutions, including Security Incident Response (SIR), Major Security Incident Management (MSIM), and Service Catalog capabilities.
• Preferred experience leading design and development of Vulnerability Response / Unified Security Exposure Management (USEM) capabilities.
• Expert analytical and problem-solving skills specific to cybersecurity, incident response, and vulnerability management
• Proven experience leading technical initiatives and delivering complex security workflow solutions across multiple teams
• Experience mentoring and coaching engineers on ServiceNow SecOps development, security workflows, and platform best practices
• Experience designing enterprise-scale security workflow architectures, including major incident management (MSIM), incident escalation, and coordinated response processes
• Strong experience partnering with cybersecurity, risk, infrastructure, and application teams to implement integrated security solutions
• Experience implementing automated response and orchestration patterns (e.g., SOAR integrations, automated remediation workflows)
• Familiarity with security frameworks, regulatory requirements, and audit practices (e.g., incident tracking, evidence collection, traceability)
• Experience working with vulnerability management programs, including prioritization, SLA tracking, and remediation lifecycle management
• Strong organizational, time management, and advanced communication skills, including ability to present to both technical and non-technical stakeholders
• Experience driving adoption of standards, automation, and secure engineering practices across teams
• ServiceNow Certified System Administrator (CSA)
• ServiceNow Certified Application Developer (CAD)
• ServiceNow Certified Implementation Specialist – Security Incident Response (CIS-SIR)
• ServiceNow Certified Implementation Specialist – Vulnerability Response (CIS-VR) or equivalent (USEM-aligned)
• ServiceNow Certified Implementation Specialist – IT Service Management (CIS-ITSM)
• Security certifications such as CISSP, CISM, CEH, or Security+
• Automation / SOAR or cloud security-related certifications

Responsibilities

• Serve as technical lead and subject matter expert for ServiceNow SecOps, establishing and promoting best practices across cybersecurity operations workflows and platform implementations.
• Architect and implement end-to-end cybersecurity workflows, including incident intake, triage, investigation, containment, remediation, and closure processes.
• Design and maintain SIR workflows to support detection, enrichment, correlation, and response for security incidents.
• Lead implementation and optimization of USEM / Vulnerability Response processes, including vulnerability ingestion, prioritization, assignment, remediation tracking, and reporting.
• Integrate ServiceNow SecOps modules with external cybersecurity tools (e.g., SIEM, scanners, threat intelligence platforms) to enable automated data ingestion and response.
• Define and enforce cybersecurity workflow standards, including data models, severity/priority frameworks, SLAs, documentation standards, and audit requirements.
• Provide hands-on mentorship and technical coaching to engineers on ServiceNow SecOps development, scripting, workflow design, and documentation practices.
• Lead code reviews, design sessions, and troubleshooting efforts to ensure high-quality, secure, and scalable implementations.
• Partner with cybersecurity, risk, and infrastructure teams to align platform capabilities with enterprise cybersecurity strategy and policies.
• Configure and manage assignment groups, escalation paths, and approval processes for cybersecurity incidents, vulnerabilities, and commensurate operations.
• Drive adoption of automated response and orchestration patterns to reduce manual effort and improve response times.
• Ensure solutions meet security, compliance, and regulatory requirements, including auditability, traceability, and data protection standards.
• Oversee workflow performance and operational metrics (e.g., mean time to detect/respond, SLA adherence, remediation timelines) and drive continuous improvement.
• Support development and enhancement of Service Catalog items for security services, enabling standardized intake and request fulfillment.
• Collaborate with product owners, architects, and stakeholders to translate security requirements into scalable, technical solutions within Agile delivery practices.
• Contribute to platform strategy and roadmap, including expansion of ServiceNow SecOps capabilities and reduction of fragmented tooling.
• Communicate technical designs, risks, and decisions clearly to technical and non-technical stakeholders, including leadership during major incidents.
• Promote a culture of security-first engineering, continuous improvement, knowledge sharing, and Agile execution across the team.
• Produce professional documentation, commensurate with work efforts, following SDLC best practices.

Benefits

• Competitive compensation
• Health, welfare, and retirement benefits
• 401(k) match at 5%
• Work-life balance and flexible work arrangements
• 25 days PTO plus 12 paid holidays
• 40 hours paid volunteer hours per year