Talent.com
Senior Security Engineer – ServiceNow Security & Threat Modelling

VREZOLV PARTNERS PRIVATE LIMITED, Hyderabad, India
9 hours ago
Job description

What you get to do in this role:

  • Drive security by design across ServiceNow GTM Product initiatives, delivering expert threat modelling and conducting security design reviews for new features, integrations, and enhancements.
  • Own the implementation and continuous improvement of Secure Development Lifecycle (SDLC) practices, focusing on early detection and mitigation of risks through thorough threat modelling.
  • Plan, execute, and maintain Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) across ServiceNow and all integrated components; champion automated security scanning and vulnerability triage.
  • Deep-dive into scan results, perform risk analysis, and work cross-functionally to prioritize remediation, ensuring vulnerabilities are addressed in a timely and sustainable manner.
  • Collaborate with engineering, DevOps, and platform teams to instill secure coding practices, delivering security education and best practice advice.
  • Lead or contribute to risk assessments, vendor reviews, and architectural guidance for projects built on or integrated with ServiceNow.
  • Document security findings, produce actionable reporting, and help track resolution of risks and vulnerabilities as part of ITIL-driven incident, problem, and change management processes.
  • Mentor internal teams on modern security tools, processes, and emerging threats to continuously strengthen ServiceNow platform posture.
  • Stay abreast of the latest security threats, research, and regulatory requirements to ensure compliance and protection of sensitive data.

Qualifications

  • Minimum 6 years' experience in application or cloud security engineering, with a consistent focus on secure design and risk reduction.
  • Demonstrable expertise in threat modelling frameworks and methodologies (e.g., STRIDE, PASTA, attack trees).
  • Strong background in security design review for enterprise web applications, APIs, and integrations.
  • Hands-on, production experience with SAST and DAST tools: setup, configuration, analysis, and remediation (examples: Checkmarx, Veracode, Burp Suite, OWASP ZAP, etc.).
  • Mandatory hands-on experience working with ServiceNow's platform, security architecture, and application development ecosystem.
  • Strong troubleshooting and analytical skills to trace security bugs through complex, distributed systems.
  • A passion for security, personal integrity, and a strong commitment to protecting customer data and privacy.
  • Skilled communicator able to convey technical risk clearly to engineers and management alike.

Required Technical Qualifications

  • Extensive ServiceNow technical experience, including security configuration, platform administration, and integration patterns.
  • Proven expertise in security testing and automation for enterprise and cloud-native applications.
  • Deep understanding of authentication / authorization protocols (OAuth, SAML, SSO), secure API design, and access control implementation.
  • Working knowledge of scripting / programming languages commonly used in ServiceNow and web development (JavaScript, Python, etc.).
  • Strong grasp of modern web application architecture, common attack vectors, and industry standards (OWASP, NIST).
  • Exposure to or experience with secure CI / CD pipelines, integrating security tools as part of automated workflows.

Preferred Qualifications (Nice to Have)

  • Industry certifications such as CISSP, CEH, OSCP, CSSLP, or ServiceNow Certified Implementation Specialist.
  • Experience conducting code and architecture reviews for SaaS or large-scale enterprise systems.
  • Familiarity with security governance, compliance frameworks (ISO27001 / 2, SOC2, GDPR), and privacy impact assessments.
  • Experience with infrastructure security, cloud security (AWS / Azure / GCP), or hybrid architectures.
  • Knowledge of incident response, digital forensics, or penetration testing methodologies.
  • Experience with security monitoring, alerting, and integration with SIEM tools.