Drive security by design across ServiceNow initiatives through threat modelling and security design reviews.
Implement and improve Secure Development Lifecycle (SDLC) practices.
Manage and automate SAST/DAST tools (Checkmarx, Veracode, Burp, ZAP).
Analyze scan results, perform risk assessments, and ensure timely remediation.
Collaborate with engineering/DevOps teams to instill secure coding practices.
Provide architectural guidance, vendor risk reviews, and document/report findings.
Mentor teams on security tools, threats, and best practices.
Stay updated on emerging security threats and compliance standards.
Mandatory Requirements:
6+ years in application/cloud security engineering.
Strong expertise in threat modelling (STRIDE, PASTA, attack trees).
Experience with security design reviews for enterprise apps/APIs.
Hands-on with SAST/DAST tools.
ServiceNow platform expertise (security architecture & app dev).
Deep knowledge of OAuth, SAML, SSO, secure APIs, access control.
Proficient in JavaScript/Python with strong troubleshooting skills.
Excellent communication and risk explanation ability.
Preferred:
Security certifications (CISSP, CEH, OSCP, CSSLP, ServiceNow CIS).
Knowledge of