Certification Security Engineer

Company Description

At ServiceNow, our technology makes the world work for everyone, and our people make it possible. We move fast because the world can’t wait, and we innovate in ways no one else can for our customers and communities. By joining ServiceNow, you are part of an ambitious team of change makers who have a restless curiosity and a drive for ingenuity. We know that your best work happens when you live your best life and share your unique talents, so we do everything we can to make that possible. We dream big together, supporting each other to make our individual and collective dreams come true. The future is ours, and it starts with you. 

With more than 7,400+ customers, we serve approximately 80% of the Fortune 500, and we're proud to be one of FORTUNE's 100 Best Companies to Work For® and World's Most Admired Companies® 2022.

Learn more on Life at Now blog and hear from our employees about their experiences working at ServiceNow.

Unsure if you meet all the qualifications of a job description but are deeply excited about the role? We still encourage you to apply! At ServiceNow, we are committed to creating an inclusive environment where all voices are heard, valued, and respected. We welcome all candidates, including individuals from non-traditional, varied backgrounds, that might not come from a typical path connected to this role. We believe skills and experience are transferrable, and the desire to dream big makes for great candidates.

Job Description

Company

Work matters. It’s where we spend a third of our lives. And the workplace of the future is going to be a great place. We’re dedicated to bringing that to life for people everywhere. That’s why we put people at the heart of everything we do.

People matter. Our people have a passion for learning, building, and innovating. Whether you’re an engineer, a sales professional, a finance professional, or anything in-between, our roles aim to provide each person with meaningful impact and plenty of space to grow.

We employ the brightest and most forward-thinking Security Professionals on the planet. We have offices around the world and work as a distributed team.  Come join the Certification Security team and help set the bar for AppStore Security!

Team

While ServiceNow is growing the application ecosystem and improving application distribution with the ServiceNow Store, building a secure and trustworthy app ecosystem is the top priority for ServiceNow Certification Engineering Team. The certification process is in place to ensure that the least possible amount of risk is introduced into the customer instances as possible. Applications that meet the certification requirements are designated as NOW Certified Apps.

ServiceNow's Certification Security team leverages its diverse, highly skilled security background and expertise to help enhance security of ServiceNow’s Technology Partner program and communicate ServiceNow’s commitment towards security to the world. The global team works closely with other components in ServiceNow’s Organization on security-related topics and directly interfaces with ServiceNow partners.

Role

This critical position values integrity, quality, expertise, precision, communication, and efficiency and is looking for security professionals with developing to established security backgrounds and excellent communications. 

As a member of the Certification Security Team, you will be responsible for ensuring that AppStore solutions comply with the security criteria outlined in the certification requirements and the certification policy, as well as assessing the security posture of the solutions to identify and address security gaps before the application solution is published on the ServiceNow Store. You will work with partners, external security teams and developers to proof & document reported vulnerabilities. This will require application security knowledge, analytical debugging skills and strong programming language proficiency.

Qualifications

What you get to do in this role:

• Responsible for identifying security vulnerabilities within AppStore applications and integrations.
• Provide guidance to ServiceNow Technology Partners on security requirements including remediation advice and potential feature enhancements.
• Leverage code review skills to identify complex vulnerabilities within code (Fortify knowledge is a plus).
• Develop security tools to automate the AppSec and Pentest processes.
• Participate in threat modeling and design review activities.
• Provide security mentoring and training to peers and other colleagues in the organization.

Qualifications

To be successful in this role you have:

• 3+ years of work experience in a security role
• Hands on experience with penetration testing, threat-modeling, and design reviews.
• Strong scripting/development skills (ex: JavaScript, Python, Go, Ruby, Java, etc).
• Strong knowledge of Authentication and authorization protocols like OIDC, OAuth2.0, SAML & JWT.
• Knowledge of Secure Software Development Lifecycle (S-SDLC).
• Experience with Static and Dynamic code analysis.
• Familiarity with OWASP Code Review guide and Static Analysis Tools
• Good understanding of OWASP Top 10, CVSS, ASVS, WSTG, STRIDE & CWE Top 25.
• Excellent written and oral communication skills, including experience presenting to executive management.

Desired skills:

• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Industry certifications such as OSCP, OSWE, GWAPT, CISSP, CSSLP or GPEN.
• Experience writing custom security rules for Fortify.
• Familiarity with an Agile development environment
• Understanding of ServiceNow platform and products

Additional Information

ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law.

At ServiceNow, we lead with flexibility and trust in our distributed world of work. Click here to learn about our work personas: flexible, remote and required-in-office.

If you require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at talent.acquisition@servicenow.com for assistance.

For positions requiring access to technical data subject to export control regulations, including Export Administration Regulations (EAR), ServiceNow may have to obtain export licensing approval from the U.S. Government for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by the U.S. Government.

Please Note: Fraudulent job postings/job scams are increasingly common. Click here to learn what to watch out for and how to protect yourself. All genuine ServiceNow job postings can be found through the ServiceNow Careers site.