SSDL Architect (Product Security)
This position reports to: Sr. Manager, Product Security
ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.
We’re disruptive. We work hard but try not to take ourselves too seriously. We are highly adaptable and constantly evolving. We are passionate about our product, and we live for our customers. We have high expectations and a career at ServiceNow means challenging yourself to always be better.
What you get to do in this role:
As an SSDL architect, you will be a member of the Product Security Team helping to refine secure development lifecycle processes. You will work with release and product management teams to define new release security processes and sign-off activities. In this role you will be responsible for performing program SSDL gap analysis and routine product evaluations, and for overseeing improvement plans for continuous monitoring solutions (DAST, SAST and SCA).
A key focus of this position is DevOps, API integrations and developing features for application lifecycle management software to ensure seamless release gates. Lastly, you’ll contribute content and training for ServiceNow’s security champion program, work with risk management / acceptance practices and provide executive-facing reporting.
In order to be successful in this role, we need someone who has:
- An analytical mind for problem solving, abstract thought, and offensive security tactics.
- Strong interpersonal skills (written and oral communication)
- Experience working with the BSIMM framework
- Knowledge of common static analysis solutions such as Fortify, Checkmarx, Veracode, etc.
- Knowledge of common dynamic analysis tools such as IBM AppScan, HP WebInspect, Acunetix and Burp
- Experience with Threat Modeling frameworks such as SD Elements, IriusRisk and the Microsoft Threat Modeling Tool
- Ability to perform Threat Modeling and design analysis
- High level of reading comprehension for Java and JavaScript languages
- Strong knowledge of software architecture patterns
- Knowledge of build and dependency management software practices
- Experience with Bug Bounty and responsible disclosure programs
- Knowledge of CAPEC and attack trees
- Ability to articulate complex issues to executives and customers.
- 4+ years’ experience working in Product Security or as an Application Security Consultant
- Bachelor’s degree in Computer Science/Engineering or equivalent experience.
We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or [email protected] for assistance.