ServiceNow SecOps Business Process / Technical Consultant

About The Position

Requirements

• Citizenship & Clearance: U.S. Citizenship is required. Must be able to obtain DHS program suitability and a TS/SCI clearance.
• Experience: 8+ years of software development, IT security, or IT systems engineering experience.
• ServiceNow SecOps Expertise: Minimum 4+ years of ServiceNow experience, with at least 2+ years specifically focused on SecOps applications (SIR, VR, CC, or TI).
• Technical Depth: Strong knowledge of ServiceNow administration, advanced configuration, and custom application development.
• Integration & Automation: Hands-on experience with Flow Designer, Orchestration, IntegrationHub, and MID Server. Proven experience integrating ServiceNow with SIEM, vulnerability scanners, and threat intelligence platforms.
• Web Technologies: Strong technical skills in web technologies (JavaScript, HTML, XML, Angular, CSS) and integration technologies (REST, SOAP, LDAP, SSO).
• Frameworks: Familiarity with federal cybersecurity frameworks (NIST 800-53, FedRAMP, CISA KEV, MITRE ATT&CK).
• Education: Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, Systems Engineering, or a related discipline, plus at least 8 years of directly relevant work experience.
• Substitution: An additional 10 years of directly relevant work experience (for a total of 18+ years) may be substituted in lieu of a degree.

Nice To Haves

• Experience supporting DHS, DoD, or Intelligence Community customers.
• Experience deploying future-state SecOps processes, including vulnerability management and threat intel workflows.
• Familiarity with Splunk use cases for security operations and event correlation.
• Experience with collaboration tools (MS Teams, Atlassian Jira/Confluence).
• Strong analytical, problem-solving, and consulting skills in complex security environments.
• Information Systems Security Engineering Professional (ISSEP) or Information System Security Architect Professional (ISSAP) certification.
• ServiceNow Certified System Administrator (CSA).
• ServiceNow Certified Application Developer.
• ServiceNow Certified Implementation Specialist - SecOps (SIR, VR, or CC).
• ITIL v4 Foundation certification (or willingness to complete within one year).
• DoD 8570.1-M Compliance at IAT Level I (e.g., CISSP) certification highly desired.

Responsibilities

• ServiceNow SecOps Implementation: Design, prototype, and implement core ServiceNow SecOps applications, including:
• Security Incident Response (SIR): Develop enrichment, correlation rules, and advanced automated playbooks.
• Vulnerability Response (VR): Configure scanner integrations (e.g., Tenable), design remediation workflows, and automate patch group assignments.
• Configuration Compliance (CC): Implement policy exception handling, remediation task automation, and compliance dashboards.
• Threat Intelligence (TI): Engineer ingestion of Indicators of Compromise (IOCs), sightings search, and enrichment workflows (e.g., VirusTotal, Hybrid Analysis).
• System Integration Engineering: Develop custom integrations with SIEM, scanner, and threat intelligence tools (e.g., Splunk, Tenable) utilizing IntegrationHub, REST/SOAP APIs, and the MID Server.
• Automation & Orchestration: Build and maintain advanced orchestration playbooks, Flow Designer workflows, Business Rules, and Script Includes to automate enrichment and response actions, supporting the customer's roadmap for improved SecOps efficiency.
• Process Consulting: Lead technical workshops with SOC, Incident Response (IR), and Vulnerability Response (VR) teams to capture mission needs, define business requirements, and translate them into sustainable technical solutions.
• Documentation & Governance: Document and maintain comprehensive policies, procedures, and technical designs adhering to Agile development practices and secure coding standards.
• Performance Monitoring: Create and maintain Performance Analytics dashboards and KPIs to provide real-time visibility into the organization's security posture.
• Sustainment & Mentorship: Support incident resolution and sustainment of the production ServiceNow SecOps environment, providing mentorship and knowledge transfer to client staff.