Senior Staff Product Security Engineer | Product Security Incident Response Team (PSIRT)

Posted 4 Hours Ago
Be an Early Applicant
Hiring Remotely in Kirkland, WA, USA
Remote or Hybrid
201K-352K Annually
Senior level
Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
We're putting AI to work for people.
The Role
Lead technical response and investigation of post-release product vulnerabilities. Coordinate fixes across engineering, product, and release teams; drive CVE disclosure and coordinated communications; perform deep-dive root-cause analysis and exploit proof-of-concept work; author postmortems and feed improvements into SDLC and secure development practices.
Summary Generated by Built In
Company Description
It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone-freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow- helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started.
Join us to put AI to work for people.
Job Description
The ServiceNow Security Organization (SSO)
The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact
About the role
ServiceNow seeks a senior staff-level product security engineer to serve as a senior technical authority within the Product Security Incident Response Team (PSIRT). PSIRT is ServiceNow's awareness, response, and investigation capability for post-release vulnerabilities in ServiceNow-developed products and service offerings.
This role is for a recognized expert who can operate independently and as part of a team on the most significant security issues facing the platform-vulnerabilities that require evaluating intangibles. You will lead deep-dive investigations, coordinate resolution across engineering, product, and release teams, and demonstrate calm, decisive leadership during significant security events.
This is a role for someone who already understands product development cycles and the engineering and product relationships that drive them-and will use that fluency to lead fixes to completion under incident pressure. You will help shape how ServiceNow responds to product security vulnerabilities at scale and the technical rigor of the entire response capability.
Key Responsibilities
Lead Through Significant Security Events
  • Provide additional response coverage outside of normal working hours for significant product vulnerabilities as they emerge.
  • Demonstrate technical and organizational leadership during these events-bringing structure and clear decision-making under pressure.
  • Partner with incident commanders, business information security leadership, engineering, and customer-facing teams to maintain clear ownership, workstream prioritization, and hand-offs during these events.

Reduce Exposure Window
  • Drive coordinated response across affected releases, balancing risk and remediation feasibility.
  • Leverage an understanding of product development cycles and engineering/product partnerships to move fixes through the release pipeline without stalling on organizational boundaries.
  • Verify fix completeness and guard against incomplete mitigations before release.

Drive the CVE & Coordinated Disclosure Process
  • Lead ServiceNow's CVE disclosure process-owning CVE assignment, scoring, advisory content, and publication timing.
  • Collaborate with external security partners, vendors, and researchers on coordinated disclosures, aligning timelines and messaging across parties.
  • Conduct technical accuracy reviews of external advisories, researcher write-ups, and joint disclosure content to ensure correctness before publication.
  • Represent PSIRT's technical position in multi-party coordinated disclosures and researcher engagements.

Pursue After-Action Outcomes & Continuous Improvement
  • Author postmortems and drive lessons learned to closure following product security incidents.
  • Participate in retrospectives following significant product security events, translating findings into concrete process and technical improvements.
  • Contribute to partner teams tracking product security risk themes and trends across the portfolio.
  • Contribute to SDLC improvement areas, feeding incident learnings upstream into secure development practices.

Qualifications
Qualifications
  • Minimum 12 years of related experience with a Bachelor's degree; or 8 years with a Master's degree; or a PhD with 5 years of experience; or equivalent experience.
  • Minimum 5 years of auditing source code for security vulnerabilities.
  • Demonstrated leadership during significant security events or major incidents, with willingness to participate in on-call.
  • Ability to read and comprehend Java and JavaScript code.
  • Strong understanding of common Java and JavaScript vulnerabilities.
  • Proficiency in scripting in both Python and JavaScript for data gathering, processing, and visualization.
  • Development of proof-of-concept exploits for web application vulnerabilities.
  • Written and verbal communication of complex security risk clearly to both technical teams and leadership.
  • Experience with leading fix implementation and release coordination across engineering, product, and test/release teams.
  • Proficiency in deep-dive product security investigations and root-cause analysis spanning design, code, configuration, and operational layers.
  • Exploit analysis and proof-of-concept development that distinguishes real exploitability from theoretical risk.
  • Familiarity with SDLC integration, CI/CD pipelines, SaaS threat models, and secure development practices.
  • Experience leading a CVE disclosure process, including CVE assignment, scoring (CVSS), and advisory publication.

Preferred Qualifications
  • Experience in a PSIRT or similar function for a major software or SaaS platform.
  • Recognized expertise in product security incident response, vulnerability research, or application security within a software or SaaS environment.
  • Experience conducting vulnerability assessments on the ServiceNow platform.
  • Experience with emerging threats: AI-specific attack vectors, software supply chain security, and SDLC tooling security.
  • Experience with cloud infrastructure (AWS, Azure, GCP) and containerized environments.
  • Relevant security certifications (e.g., OSWE) or demonstrated equivalent expertise.

#SecurityJobs
For positions in this location, we offer a base pay of $201,300 - $352,300, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location.
Additional Information
Work Personas
We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.
Equal Opportunity Employer
ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.
Accommodations
We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance.
Export Control Regulations
For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.
From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.

Skills Required

  • Minimum 12 years of related experience with a Bachelor's degree; or 8 years with a Master's degree; or a PhD with 5 years of experience; or equivalent experience.
  • Minimum 5 years of auditing source code for security vulnerabilities.
  • Demonstrated leadership during significant security events or major incidents, with willingness to participate in on-call.
  • Ability to read and comprehend Java and JavaScript code.
  • Strong understanding of common Java and JavaScript vulnerabilities.
  • Proficiency in scripting in both Python and JavaScript for data gathering, processing, and visualization.
  • Development of proof-of-concept exploits for web application vulnerabilities.
  • Written and verbal communication of complex security risk clearly to both technical teams and leadership.
  • Experience with leading fix implementation and release coordination across engineering, product, and test/release teams.
  • Proficiency in deep-dive product security investigations and root-cause analysis spanning design, code, configuration, and operational layers.
  • Exploit analysis and proof-of-concept development that distinguishes real exploitability from theoretical risk.
  • Familiarity with SDLC integration, CI/CD pipelines, SaaS threat models, and secure development practices.
  • Experience leading a CVE disclosure process, including CVE assignment, scoring (CVSS), and advisory publication.
  • Experience in a PSIRT or similar function for a major software or SaaS platform.
  • Recognized expertise in product security incident response, vulnerability research, or application security within a software or SaaS environment.
  • Experience conducting vulnerability assessments on the ServiceNow platform.
  • Experience with emerging threats: AI-specific attack vectors, software supply chain security, and SDLC tooling security.
  • Experience with cloud infrastructure (AWS, Azure, GCP) and containerized environments.
  • Relevant security certifications (e.g., OSWE) or demonstrated equivalent expertise.

What the Team is Saying

Shanequa
Katya
Suzanne
Alexander
Jaime
Pat
Brady
Hasan
Jamil
Viviana

ServiceNow Compensation & Benefits Highlights

  • Healthcare Strength Multiple medical plan options, mental‑health resources, and strong coverage signals are emphasized. Fertility and family‑planning benefits further broaden the health package.
  • Leave & Time Off Breadth Flexible PTO, paid volunteer time, and company‑wide Wellbeing Days are highlighted. Paid holidays and shutdowns enhance recharge opportunities.
  • Equity Value & Accessibility Equity grants (RSUs) and an Employee Stock Purchase Plan are standard components of total rewards. Donation matching and learning support complement long‑term value building.

ServiceNow Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Santa Clara, CA
29,000 Employees
Year Founded: 2004

What We Do

As the AI platform for business transformation, we're putting AI to work across organizations — freeing people for work that matters. Making old tech work with new tech. Reaching across departments, from the front office to the back office and every office in between. Our ambition? To become the AI defining enterprise software company of the 21st century (or "AI DESCO21C," as we like to call it). With more than 8,400+ customers, we serve approximately 90% of the Fortune 500®, and we're proud to be a Fortune 100 Best Companies to Work For® and World's Most Admired Companies™. Explore your future career with us, visit www.careers.servicenow.com From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.

Why Work With Us

By joining ServiceNow, you are part of an ambitious team of change-makers who have a restless curiosity and a drive for ingenuity. We're committed to helping our people do their best work and live their best lives so we can fulfill our purpose together. At the fastest-growing enterprise software company, you can grow your career faster.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

ServiceNow Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

At ServiceNow, we lead with flexibility and trust. For some, home is the primary workplace. For those who come into a ServiceNow workplace, you are empowered to make team-guided and individual-led decisions on how and when you use the workplace.

Typical time on-site: Flexible
Company Office Image
HQSanta Clara, CA
Heredia
Ciudad de México
District of Columbia
Osaka
Aarhus, DK
Aarhus, DK
Company Office Image
Addison, TX
Amsterdam, North Holland
Atlanta, Georgia
Auckland, Auckland
Bangkok, Bangkok
Bengaluru, Karnataka
Bengaluru, Karnataka
Berlin, Berlin
Brasília, Federal District
Brisbane, Queensland
Brussels, BE
Cairo, Cairo Governorate
Canberra, Australian Capital Territory
Charlottesville, Virginia
Company Office Image
Chicago, IL
Deerfield, Illinois
Company Office Image
Denver, CO
Dubai, Dubai
Dublin, Leinster
Düsseldorf, Nordrhein-Westfalen
Frankfurt am Main, Hesse
Goteborg, Västra Götaland County
Gurugram, Haryana
Hamburg, Hamburg
Hanyang, Seoul
Helsinki, Uusimaa
Hong Kong, Hong Kong
Houston, TX
Hyderabad, Telangana
Issy-les-Moulineaux, Île-de-France
Johannesburg, Gauteng
Kirkland, WA
Lausanne, Vaud
Lille, Hauts de France
London, England
London, England
Madrid, Community of Madrid
Melbourne, Victoria
Milano, Lombardia
Milwaukee, WI
Company Office Image
Montréal, QC
Mumbai, Maharashtra
Munich, Bavaria
Company Office Image
New York, NY
Opfikon, Zürich
Orlando, FL
Oslo, Oslo
Perth, Western Australia
Petah Tikva, Central District
Company Office Image
Pleasanton, CA
Riyadh, Riyadh Province
Rome, Lazio
Company Office Image
San Diego, CA
San Francisco, Heredia
Company Office Image
San Francisco, CA
São Paulo, SP
Singapore, SG
Solna, Stockholm County
Sydney, New South Wales
Tokyo, Tokyo
Toronto, Ontario
Vancouver, British Columbia
Company Office Image
Vienna, VA
Vienna, AT
Company Office Image
Waltham, MA
Washington, DC
Wellington, Wellington
West Palm Beach, Florida
Learn more

Similar Jobs

ServiceNow Logo ServiceNow

Senior Info Sec Operations Engineer | OKTA | IAM

Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Remote or Hybrid
Kirkland, WA, USA
29000 Employees
161K-274K Annually

ServiceNow Logo ServiceNow

Senior Customer Success Manager

Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Remote or Hybrid
United States
29000 Employees
102K-179K Annually

ServiceNow Logo ServiceNow

Staff Software Engineer

Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Remote or Hybrid
Kirkland, WA, USA
29000 Employees
188K-328K Annually

ServiceNow Logo ServiceNow

Senior Systems Engineer

Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Remote or Hybrid
Kirkland, WA, USA
29000 Employees
141K-239K Annually

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account