Staff Product Security Engineer (SSDL) @ ServiceNow

ServiceNow ServiceNow allows employees to work the way they want to, not how software dictates they have to. And customers can get what they need, when they need it.Job Description Please note, this role requires a minimum of 2 days per week in the San Diego or Santa Clara ServiceNow Offices.The ServiceNow Security Organization (SSO)The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers.TeamProduct Security is shifting everywhere and holistically improving the maturity of the security program.RoleAs a Staff Product Security Engineer on the ServiceNow SSDL team, you will collaborate with developers and software architects on highly technical solutions and help the organization build secure and resilient software.What you get to do in this role : Work on a wide range of technologiesWork on complex architectural and technical challengesParticipate in threat modeling activitiesMentor and collaborate with development teams to adopt secure coding practicesWork on strategic and highly visible security activities across the organizationBe an advocate for security and participate in a security champions programQualifications To be successful in this role, we need someone who has : 6 years of experience in software security (AppSec)3 years of experience in threat modeling software applications and servicesProficient in threat modeling methodologies such as STRIDE or PASTAIn-depth knowledge of common web application vulnerabilities (OWASP Top 10)Working knowledge of Machine Learning and taxonomies such as BIMLIn-depth knowledge of software design patterns and their security considerationsIn-depth knowledge of authentication and authorization standards including OAuth, OIDC, SAML, JWT, and PASETOKnowledge of symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functionsKnowledge of cloud native technologies including containers, Kubernetes, and services provided by AWS, GCP, and AzureKnowledge of static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security toolsKnowledge of OWASP ASVS, SCVS, and related verification standardsAbility to work collaboratively in a highly distributed teamAbility to communicate technical concepts to business stakeholdersA passion for securityCompensation For positions in this location, we offer a base pay of $155,800 to $272,700, plus equity (when applicable), variable / incentive compensation and benefits.Additional Information We approach our distributed world of work with flexibility and trust.Equal Opportunity EmployerServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law.AccommodationsWe strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance.Export Control RegulationsFor positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals.#J-18808-Ljbffr

Salary : $155,800 - $272,700