Sr Staff DevSecOps Security Engineer at ServiceNow
ServiceNow is making the world of work, work better for people. Our cloud-based platform and solutions deliver digital workflows that create great experiences and unlock productivity for employees and the enterprise. We're growing fast, innovating faster, and making an impact on our customers' and employees' lives in significant and important ways. With over 6,900 customers, we serve approximately 80% of the Fortune 500, and we're on the 2020 list of FORTUNE World's Most Admired Companies.®
We're looking for people who are ready to jump right in and help us build on our incredible momentum, our diverse, engaged workforce, and our purpose to make the world of work, work better.
Learn more on Life at Now blog and hear from our employees about their experiences working at ServiceNow.
What you get to do in this role:
As a DevSecOps engineer, you will lead areas of Vulnerability Scanning, PKI automation, Password Policy Management, Data monitoring, coordination of Remediation Patching, and other daily Security and Compliance efforts. Additionally, you will be responsible for building an automated security framework for robust deployment tools and processes, leveraging various scripting languages to reduce patching time, create workflows to enforce security policies.
Roles and responsibilities:
- Translate security requirements into business requirements and communicate security risks to relevant stakeholders ranging from business leaders to engineers
- Involve and engage with the key stakeholders - Endpoint teams, Systems and Cloud teams to drive patch compliance across ServiceNow Corp infrastructure.
- Engineer and design solutions in collaboration with the key stakeholders that need to be designed for exceptions, risk acceptance and/or reporting vulnerabilities.
- Engage and collaborate with app owners to bring in patching as a cadence, part of the tool chain and also identify gaps in preventing us to get to real-time patching.
- Design solutions for configuration compliance to govern patching
- Collaborate with application owners and other multi-disciplinary teams to deliver solutions, address security risks and concerns
- Provide subject matter expertise on security architecture, tools and systems engineering to other IT and business teams
- Implement security related projects for cloud, cloud/hybrid systems
- Responsible for automating security controls, data and processes to provide improved security metrics and operational support
- Design and implement tools to enable Security as a Code framework in order to automate security controls, data and processes to improve security posture of TechOps
- Stay current on emerging security technologies, vulnerabilities, risks and trends and implement best security practices and optimization
- Document all the security project implementations via technical documentation and run-books
- Implement cyber security controls and standards such as NIST, SOC2 relevant to TechOps infrastructure and services
- Drive CI/CD style infrastructure/security as a code solution for endpoint, system images including testing
- Collaborate with SSO teams and be the liaison for all security initiatives and audits
- Work and involve with TIGIR team for any incidents related to TechOps, collaborate with cross functional teams to address the incidents and bring them to closure.
To be successful in this role you have:
- Mim. 12 + years of industry experience including 8+ years in the security space
- Experience working with Developers, DevOps, and Engineering teams in a fast-paced environment to bring in DevSecOps culture throughout the organization.
- Extensive knowledge and patching experience with operating systems - Windows, Linux, Mac.
- In-depth understanding of the end-end workflow of Vulnerability management tooling, remediation, SLAs, exceptions, and ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications.
- In-depth experience with at least one public cloud technology - AWS, Azure, GCP, etc;
- Good experience in configuration management tools such as Ansible, puppet, Salt, etc;
- Good understanding of software programming, SDLC, code repository, version controls
- Profuse understanding and in-depth experience in monitoring tools and technologies
- Knowledge of cyber security standards and controls such as ISO, NIST, SOC2, etc;
- Attention to detail constantly monitors and audits the internal systems to ensure they are safe from external and internal threats.
- Excellent problem-solving skills and be able to articulate security-related risks and issues and collaborate with cross-functional teams to bring them to resolution
- View all technologies and design with a cyber security-first mindset
- Ability and passion to coach and mentor junior members of the team
- Bachelor's OR Master's degree in computer science or equivalent
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at +1 (408) 501-8550 , or [email protected] for assistance.
For positions requiring access to technical data subject to export control regulations, including Export Administration Regulations (EAR), ServiceNow may have to obtain export licensing approval from the U.S. Government for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by the U.S. Government.