Product security engineer

Posted: Nov. 16, 2020, 4:37 a.m. - Full Time - Hyderabad

Job Title: Product Security Engineer


Work matters. It’s where we spend a third of our lives. And the workplace of the future is going to be a great place. We’re dedicated to bringing that to life for people everywhere. That’s why we put people at the heart of everything we do.

People matter. Our people have a passion for learning, building, and innovating. Whether you’re an engineer, a sales professional, a finance professional, or anything in-between, our roles aim to provide each person with meaningful impact and plenty of space to grow.


Product Security is working at Shifting Left, allowing engineering teams and the company to be proactive with simplified integrated security testing. This paradigm shift benefits developers and ServiceNow by codifying security activities at scale into their build pipelines ensuring tool chains are easily automated with continuous monitoring and feedback.


As a security engineer on the ServiceNow Product Security Team, you will be responsible in identifying security vulnerabilities within customer facing software products. You will work with internal development teams to review source code and audit custom functionality built on top of the ServiceNow platform. You will have the opportunity to develop tooling, plan security projects, and be a security advocate. A key part of this position is to effectively communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved.

What you get to do in this role:

  • Perform software auditing services for internally developed software
  • Work with development to provide secure solutions and validate fixes
  • Triage static and dynamic analysis findings and working toward reducing false positive rates
  • Assess software for risk and perform threat modeling activities
  • Be an advocate for security for development teams and participate in a security champions program

In order to be successful in this role, we need someone who has:

  • 3-7 years of experience of web application security auditing including code review
  • In-depth knowledge of common web application vulnerabilities (OWASP Top Ten)
  • Strong understanding of web application security assessment techniques
  • Proficiency in at least one language - Python, Java, or JavaScript preferred
  • Experience with static and dynamic analysis security tooling
  • Ability to deliver technical reports and communicate technical concepts to both non-technical business users as well as technical stakeholders.
  • A passion for security