Senior ServiceNow Security Engineer

Do you want to make a difference? 
Cognosante employees are passionate about improving people’s lives. With an innovative mindset and an unwavering commitment to those we serve, we partner with healthcare, civilian and defense agencies to deliver exceptional public services and programs. Our multi-faceted technology and customer experience (CX) solutions achieve program outcomes, solve critical challenges and create meaningful change. Whether we are helping Veterans access healthcare faster, ensuring that members of the military complete their missions safely, or helping people obtain health insurance, our work touches millions of people. Are you ready to make a difference?

The Senior ServiceNow Security Engineer will play a critical role in leading Hybrid Agile development projects within a Software Development and Support program using ServiceNow’s Enterprise Service Management (ESM) platform for a federal agency. The primary mission of the projects is to modernize IT Service Management for the agency through the adoption of best practices, process optimization, and continual service improvement. Embracing a DevSecOps methodology, the agency leverages various ServiceNow modules including ITSM (IT Service Management), SPM (Strategic Portfolio Management), ITOM (IT Operations Management), Customer Service Management, among other workflows. The ServiceNow Security Engineer's primary role will involve providing development (configuration) support as a member of an Agile Design or Development Scrum team, focusing on the configuration and management of security settings within the ServiceNow platform to ensure the integrity, confidentiality, and availability of information. The Senior ServiceNow Security Engineer will have experience in developing/reviewing security plans, processes, and strategies to identify areas for improvement or update. The Senior ServiceNow Security Engineer will also understand security regulations, directives for organizational and agency level requirements, and experience in designing and implementing security requirements into products and systems.

The Senior Security Engineer is responsible for all activities related to designing, implementing, documenting, and maintaining the appropriate security posture for projects and solutions implemented for state or federal government contracts. Typical tasks associated with this role include specifying and documenting security control requirements, developing system security plans, performing risk assessments, supporting security control assessments, and working with development and implementation team members to ensure that all security requirements are adequately addressed. The Senior Security Engineer also identifies relevant security and privacy standards and regulations applicable to systems under development or in operation and helps ensure compliance with those standards and regulations. This position is contingent upon contract award.

 
What will I get to do?  

• Establishes strategic direction, policies, and procedures for the organizations informatics for information systems.
• Analyze systems, data, and operating environments to determine appropriate security controls
• Produce and manage key authorization package documentation, including System Security Plans, Contingency Plans, Risk Assessment Reports, Security Test Plans, Plans of Action and Milestones, Privacy Impact Assessments, and related artifacts
• Guides the selection, development, and/or implementation of highly complex, technical systems designed to effectively manage clinical information, data, and clinical systems in the healthcare or other specialized fields
• Configures and manage security settings within the ServiceNow platform to safeguard against unauthorized access and data breaches, ensuring alignment with security policies and regulations.
• Develop, implement, and maintain security protocols within the ServiceNow environment, collaborating with other IT teams for secure integration with other enterprise systems.
• Conducts vulnerability assessments of the ServiceNow environment, develop and execute threat mitigation strategies, and promptly respond to security incidents.
• Participates in Agile Scrum meetings, contributing to the continuous improvement of security practices within the development lifecycle.
• Works closely with the DevSecOps team to integrate security practices into the entire software development and deployment lifecycle.
• Provides expertise in ServiceNow security best practices to the development team and stakeholders.
• Leads the development of security documentation, including security plans, incident response plans, and standard operating procedures.
• Leads the development and review of system architecture and system design documentation to identify security-relevant aspects of systems and solutions and accurately reflect that information in security documentation
• Collaborates closely with project team members to make sure that applicable security requirements are incorporated in systems and solutions deployed for the project
• Participates in business, technical, and security reviews of the solution to explain selected security and privacy controls
• Perform initial and ongoing risk assessments of the system.
• Extensive experience in ServiceNow Modules, network topologies, intrusion detection and secured networks

 
What qualifications do I need? 

• Must be a US Citizen with the ability to pass a background check and receive a Public Trust clearance.
• Bachelor’s degree in computer science, electronics engineering or other engineering or technical discipline is required.
• 5-7 years minimum experience in a similar role, with a focus on security within the ServiceNow platform.
• 8 years of additional relevant experience may be substituted for education.
• Must possess ServiceNow certification(s) with a strong preference for certifications in Security Operations (SecOps) or similar.
• Strong technical knowledge of networks, operating systems, and n-tier applications
• Experience performing risk management framework and system authorization tasks in a FISMA (i.e., federal government agency) setting.
• Familiarity with NIST standards and guidance including FIPS 199, FIPS 200, and the 800 series of Special Publications
• Familiarity integrating security into system development life cycle (SDLC) phases and activities.
• Excellent organizational, interpersonal, verbal, and written communication skills
• Ability to work effectively as part of an integrated project team, while also taking ownership of assigned tasks to successfully achieve explicit delivery dates and milestones.
• Ability to perform comfortably in a fast-paced, deadline-oriented work environment.
• Ability to successfully execute many complex tasks simultaneously.

 
What additional characteristics will help me thrive?  

• 5 additional years of relevant experience.
• Relevant security certifications such as CISSP, SSCP, CAP, or CISA.
• ITIL v3 or ITIL v4 Certifications is highly desirable
• ServiceNow Certification(s) in various modalities.
• Formal education or professional experience in information assurance, information security management, or security operations.
• Prior experience performing in the role of an information security officer/information systems security officer (ISO/ISSO) on a state or federal government contract.
• Experience securing systems or environments that process personally identifiable information (PII) or protected health information (PHI).
• Experience working with online security tools such as Trusted Agent FISMA, SecureInfo RMS, or CSAM

What We Offer  

Our mission is to provide comprehensive and competitive pay, benefits, services, and programs to eligible employees and their dependents that:  

• Ensure optimal health and productivity of our employees   

• Support employee retention and attraction  

• Provide work/life balance to ensure our employees succeed inside and outside of the office  

Compensation

The pay range for this job is determined by various factors, including but not necessarily limited to location, responsibilities of the job, and alignment with market data. When determining a salary for this role, the following factors may be taken into consideration - contract-specific affordability, education, knowledge, skills, competencies and experience. The estimate displayed represents the salary range for this position and is just one component of Cognosante’s total compensation package for employees. It is not necessarily reflective of actual compensation that may be earned, nor a promise of any specific pay for any specific employee. 

Cognosante will not provide sponsorship for employment-based immigration benefits for this position.

What We Promise  

Cognosante employees are inspired by our bold mission to improve lives. To achieve this mission, we put our people first. No matter where they're located around the nation, our innovative workplaces enable individuals to apply their skills and experience to work toward a greater good.  

We foster a winning culture of solution creators built on innovation, collaboration, flexibility, and work-life balance. And we invest in the next generation of diverse talent to foster an inclusive, progressive, adaptable workplace that prioritizes advancement for all. As an affirmative action employer, we are committed to equal opportunity regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.   

Your safety during your job search is important. Recruiting communications will always be sent through one of the following corporate domain emails (@cognosante.com or @accurate.com).  

We will never send communications through any other domain, including @cognosantecareers.com, @gmail.com or @yahoo.com). We will never request payment from you, nor will we send payment to you, prior to your start date. If you have been asked to send or receive any payment, or if you have any doubt about whether you have been contacted by a Cognosante employee, please contact us at jobs@cognosante.com