Staff Product Security Engineer | Secure Configuration

About The Position

Requirements

• 8+ Years of experience in product security with deep knowledge of security best practices.
• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving.
• Strong verbal communication skills with an emphasis on application remediation processes.
• Ability to translate technical findings into actionable guidance.
• Collaborative mindset to work with product and customer-facing teams.
• Developer level proficiency in at least one language - Python, Java, or JavaScript preferred.
• In-depth knowledge of common web application vulnerabilities (OWASP Top Ten) and knowledge of common application security control evaluation frameworks (OWASP ASVS) recommended.
• Knowledge of common compliance frameworks (e.g. FedRAMP, NIST 800-53, ISO 27001) preferred.
• BS/MS in Computer Science, Engineering, or a related discipline.

Nice To Haves

• Familiarity with ServiceNow architecture is a plus.

Responsibilities

• Participate in instance hardening management activities, including reviewing new product settings to build security recommendations and documenting these settings to ensure ServiceNow instance owners can ensure highest level of security of their instances.
• Maintain the set of hardening settings to ensure their relevance and accuracy.
• Perform security audits to discover, communicate, and recommend remediation activities for vulnerabilities.
• Contribute to the deprecation of security-impactful feature flags and support customer migration efforts to maintain a secure posture.
• Partner with Product Management to improve workflows that enable customers to adopt secure configurations more easily.

Benefits

• Health plans, including flexible spending accounts.
• 401(k) Plan with company match.
• Employee Stock Purchase Plan (ESPP).
• Matching donations.
• Flexible time away plan.
• Family leave programs.