Threat Hunter

Website servicenow ServiceNow

What you get to do in this role:

ServiceNow is looking to expand its Threat Hunting team. As the company continues to see rapid growth new people, processes and technologies are introduced into the environment. Each of these create new attack surfaces and often have different data sources. Meanwhile the cyber threat landscape continues to evolve with new exploits, new actors and new tactics creating new risks for an enterprise. As a Threat Hunter your job is to find the intersection of the threat landscape and the ServiceNow environment. You will be responsible for identifying unknown threats within the environment and call out unmonitored areas of a diverse set of environments.

This role is both technical and highly collaborative. The Threat Hunting team works alongside a Global Incident Response team taking in investigative leads. Threat Hunters will often have to interface with non-security subject matter experts such as engineers, developers, and administrators in order gain knowledge in that area. Effective, concise, and positive communication with these cross-functional teams are critical to the success of Threat Hunting operations.

ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.


Duties and Responsibilities: 

The primary responsibility of a threat hunter at ServiceNow is to proactively discover signs of current or past malicious activity within our environments. Specific duties will include

  • Perform structured threat hunting following a systematic program seeking common and bespoke-to-our-environment TTPs.
  • Identify any missing people/process/technology needed for a TTP detection.
  • Craft behavioral TTPs detections from our log aggregations for our SIEM.
  • Collaborate and coordinate with other threat hunters on current objectives.
  • Support incident response with advanced analysis when needed.
  • Provide guidance on threat hunt findings to junior security analysts.


Keys to Success

ServiceNow is seeking a mid to senior level security practitioner whom can successfully apply their experiences to detecting new threats. Given the speed of growth, this person must fully adopt a growth mindset as new datasets to investigate will be constant.


A suitable candidate should include:

  • 4+ years’ experience in a relevant information security domain.
  • Understanding of tactics, techniques and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-stat sponsored threat actors .
  • Ability to analyze various data sources, security tools, and threat trends that produce telemetry for a global security operation team.
  • Familiar with common knowledge works in the area such as Kill Chain, MITRE ATT&CK, or TaHiTI.
  • Experience with host and network forensics from a malware perspective with the ability to identify anomalous activity.
  • Ability to perform an investigation based off ambiguous information without defined work instructions.
  • Excellent verbal and written communications skills with the ability to
  • Bachelor’s degree in relevant field or equivalent experience.
  • Ability to effectively script and/or code in a variety of OS environments.
  • Ability to effectively write efficient Splunk queries.
  • Knowledge of ELK Stack is beneficial.


Candidates should be able to meet all federal government security screening requirements as indicated: Federal security screening requirements call for applicant to verify U.S. Citizenship. Additional customer screening requirements may include additional items such as, but not limited to: specialized agency background checks (either national or local) and fingerprinting, as well as the ability to obtain a government personnel security clearance.

We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.



ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or for assistance.

Scroll to top