ServiceNow logo
ServiceNow

ServiceNow provides cloud-based services that automate enterprise information technology operations. As an employer, ServiceNow offers a challenging, collaborat

Sr Staff Software Engineer - Product Security

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 29,000Since 2004Company Site

Location

Israel

Posted

3 days ago

Salary

0

Seniority

Senior

English

Job Description

Sr Staff Software Engineer - Product Security

ServiceNow

Company Description It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone-freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow- helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started. Join us to put AI to work for people. Job Description ServiceNow's Product Security organisation is building a dedicated Security R&D function - a software engineering team that builds security capabilities with the same rigour, CI/CD discipline, and quality standards as ServiceNow's product engineering organisation. We are looking for a Sr. Staff Security Engineer to be a technical anchor on this team. Security R&D operates in two complementary modes: open contribution to product engineering - writing code alongside product teams where security expertise adds value - and developing its own security capabilities, including internal tooling, externally facing product features, AI-powered security automation, and third-party integrations. This is a new team being stood up in Petah Tikva, Israel, co-located with ServiceNow's AI Security Research team. You will be one of the senior technical leaders shaping the team's engineering culture, architecture decisions, and technical direction from its inception. This role reports to the Sr. Engineering Manager, Security R&D. What You Will Do Lead Technical Design and Architecture - Drive architecture and design decisions for Security R&D's capabilities, ensuring systems are built for enterprise scale, reliability, and maintainability. - Lead technical design reviews and serve as the senior engineering voice on security tooling, automation, and platform services built by the team. - Define technical standards, code quality expectations, and engineering best practices for the Security R&D team. - Evaluate and integrate third-party security services alongside in-house AI-powered capabilities to maximise security review coverage. Build Security Capabilities at Platform Scale - Design and develop security tooling, automation, and platform-native services - both for internal use and as externally facing product features. - Contribute code directly into ServiceNow product engineering codebases where security domain expertise accelerates delivery and improves security outcomes. - Leverage ServiceNow's unique platform advantages - Agent Framework runtime, ACL enforcement, data layer, and workflow engine - to build capabilities that external vendors cannot replicate. - Collaborate with the AI Security Research team on AI agent security tooling, bringing production engineering discipline to an emerging domain. Mentor and Elevate the Team - Mentor junior and mid-level engineers, raising the technical bar across the team through code reviews, design guidance, and hands-on pairing. - Represent Security R&D in cross-functional discussions with product engineering leadership, demonstrating technical credibility as an engineering peer. - Contribute to hiring by helping define the technical interview bar and participating in candidate evaluations. What Makes This Role Unique - Builder-led culture: Security R&D is defined by engineering output, not advisory reviews. We build production security capabilities with the same discipline as product engineering. - Dual operating model: The team both contributes directly to product engineering and develops its own security products and services. - Platform advantage: ServiceNow owns the entire stack - runtime, ACLs, data layer, workflow engine. You will build security capabilities that no external vendor can replicate. - Founding team: This is a new team being built from scratch. You will shape its engineering culture, technical standards, and identity from day one. - AI intersection: The role sits alongside the AI Security Research team, placing you at the frontier of securing AI systems at enterprise scale. Qualifications To be successful in this role, you have: - 12+ years of progressive software engineering experience, with a track record of designing and building complex systems at enterprise scale. - Bachelor's degree in Computer Science, Engineering, or a related technical field. - Strong hands-on production experience with Python and Java. You are a builder who writes code daily, not an architect who only draws diagrams. - Deep expertise in distributed systems, scalability, high availability, and performance engineering in cloud environments. - Experience with security-related engineering - application security, infrastructure security, identity systems, fraud prevention, or trust & safety. You bring a security mindset to everything you build. - Familiarity with AI/ML systems, GenAI, or Agentic AI technologies. You don't need to be an ML researcher, but you should understand how these systems work and how to build tooling around them. - Experience contributing to large-scale product codebases in a collaborative engineering environment. You know how to earn trust with product engineering teams through code quality and delivery. - Strong technical communication skills - ability to articulate architecture decisions, write clear design documents, and influence technical direction across teams. Preferred - Experience with container and Kubernetes security, runtime security, OPA policy enforcement, or service mesh security. - Background in building security products or features that ship as part of a commercial platform. - Experience with AI-powered automation, LLM integration, or agentic frameworks in a production context. - Familiarity with enterprise security frameworks (NIST, SSDLC) and their translation into engineering requirements. - Experience working in a globally distributed engineering team across multiple time zones. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license. .

Related Categories

Related Job Pages

More Security Engineer Jobs

ServiceNow logo

C&I Partner Manager - IBM Governance & Security & Autonomous Workforce

ServiceNow

ServiceNow provides cloud-based services that automate enterprise information technology operations. As an employer, ServiceNow offers a challenging, collaborat

Full TimeRemoteTeam 29,000Since 2004

Company Description It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone-freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow- helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started. Join us to put AI to work for people. Job Description The Partner Manager, C&I Global Partner Team is an individual contributor role responsible for the health, performance, and go-to-market execution for the Governance and Risk and Autonomous Workforce practices strategy and execution at IBM. Working directly with the Global IBM Partner Leader, this role translates joint global strategy into practice strategy and execution -engaging partners in co-sell motions, pipeline development, and customer delivery. The Partner Manager operates cross-functionally alongside the Product Group, Field Sales, Enablement, Marketing, and Technical Partner Advisors (TPAs) to ensure the right partners are activated at the right time for the right opportunities and across the Deloitte teams. This role focuses on partner growth, sales effectiveness, and scalable execution across ServiceNow's routes to market. What You'll Do Partner Engagement & Pipeline Execution - Own end-to-end partner lifecycle management for IBM, including joint business planning, GTM execution, and performance tracking for the Governance and Risk practice (incl. Governance, Security, Risk, Identity and Operational Technology) and Autonomous Workforce - Drive partner pipeline development and deal progression in close collaboration with field sales - Engage the right IBM partners in active customer opportunities, including proposal situations requiring partner collaboration - Generate new business in existing accounts, new markets, and net new logos through partner-led and co-sell motions Cross-Functional Collaboration - Operate as a defined participant in cross-functional RACI models covering customer lifecycle and implementation motions - Align with internal stakeholders on roles, responsibilities, and execution across delivery and implementation activities - Partner with TPAs to align sales plays to routes to market and guide partners on how to position and sell ServiceNow - Coordinate with Marketing to develop joint demand generation campaigns that drive co-sell pipeline Partner Readiness & Governance - Conduct quarterly and bi-annual business reviews, governance forums, and milestone tracking with IBM partners - Coach and enable IBM teams -remotely and in person-building senior-level relationships and managing partner risk - Advise IBM on market, geographic, and route-to-market expansion, including new buying centers and customer segments - Track performance metrics and readiness indicators; escalate risks proactively to minimize business impact Success Measures - IBM pipeline growth and revenue contribution (sourced and sell-through NNACV) - Expansion into new markets, buying centers, and net new logos in Governance and Risk and Autonomous Workforce Practices - Partner engagement quality: early activation in customer opportunities and proposal motions - Consistency of cross-functional execution within the collaboration model - IBM maturity, scalability, and enablement effectiveness in Governance and Risk and Autonomous Workforce - Field and stakeholder satisfaction scores Qualifications Required - 10-15+ years in partner management, alliances, or ecosystem roles within enterprise software and/or consulting/implementation services - Strong understanding of partner-led and co-sell sales motions, including C&I routes to market - Experience in Governance, Risk, Security and OT businesses and IT - Proven ability to collaborate and influence across multiple internal teams in complex, matrixed operating models - Experience developing and executing GTM strategies through partner ecosystems - Strong communication skills with the ability to align stakeholders on roles, expectations, and execution plans - Comfort operating in ambiguity with a bias toward action Preferred - Experience supporting partner-involved deal and proposal motions, including identifying and aligning partners to pursue opportunities - Familiarity with partner lifecycle management, partner experience and productivity drivers, and partner performance measurement - Experience leveraging AI tools into work processes, decision-making, or problem-solving-including AI-powered tools and workflow automation Why This Role Matters Partner-led growth requires field-level execution that connects global strategy to real customer outcomes. This role is the operational bridge between the Global Partner Leader's vision and the customers, deals, and field teams where that strategy must come to life. By ensuring the right C&I partners are engaged, enabled, and executing effectively, the Partner Manager drives the scalable, predictable pipeline growth that powers ServiceNow's partner ecosystem. For positions in this location, we offer a base pay of $126,060 - $180,000, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.

Illinois
$126.1K - $180K / year
Origin logo

Security Researcher (AI)

Origin

Let's talk money. Hit financial milestones, get expert guidance, and manage money with ease.

Full TimeRemoteTeam 51-200Since 2018H1B Sponsor

Role Description Origin is seeking an AI Security Researcher to investigate the evolving intersection of adversarial tradecraft and modern generative AI systems. This role focuses on understanding how attackers misuse or weaponize LLMs, on-device assistants (such as Computer Use Agents), autonomous agents, code-generation models, and multi-modal AI systems, and on translating this research into impactful defensive capabilities within Origin’s products. Success in this role requires deep curiosity, strong technical intuition, hands-on experimentation, and the ability to convert ambiguous research signals into clear, actionable engineering outcomes. Responsibilities - Conduct in-depth research into how modern adversaries may evolve tradecraft to exploit or abuse generative AI tools, including LLMs, autonomous agents, and on-device assistants. - Conduct hands-on research into adversarial prompting, jailbreak methods, tradecraft leveraging computer use agents and local models, and other AI-enabled attack vectors. - Translate and implement research findings into actionable improvements for Origin’s products. - Produce high-quality, public-facing security research content, including blog posts and conference talks. - Stay abreast of cutting-edge offensive and defensive security techniques through continuous self-study and research. - Serve as the subject matter expert in adversary tradecraft and security operations, supporting other business units on their projects as needed. - Support other Researchers on the team with their research and actively engage in team-driven initiatives. Qualifications - 2+ years of experience in one or both of the following areas: - Offensive security research, such as red team operations or purple teaming. - Defensive security research, for purposes of publication and security feature development. - Ability to write code for development of research tooling. - Ability to explain complex technical concepts and research outputs to both executive-level and highly technical consumers. - Aptitude for working in a fast-paced, adaptive startup environment. Nice to Haves - Demonstrated experience investigating or exploiting generative AI systems, prompt engineering, jailbreaks, model exploitation, or agentic misuse. - Familiarity with reinforcement learning, model interpretability, or safety research. - Contributions to open-source AI or security tooling. - Prior publications, conference presentations. - Proficient in at least one systems language (Rust, C/C++). - Knowledge of operating system internals and reverse engineering. Benefits - Generous healthcare. - Flexible PTO. - Home-office support, ensuring our team has the freedom and resources to thrive. Company Description Origin is building the endpoint AI observability platform for AI-adopting organizations. We believe that organizations should not adopt AI on their endpoints without observability in place, and we want to be the platform that maximizes the productivity & safety of that adoption. The company exists to maximize the diffusion of intelligence inside an organization, maximize the productivity of agentic systems and the humans driving them, keep agent actions traceable end-to-end so that when a user asks for something in a prompt they can verify the agent actually did what was expected, and give organizations one interface to answer the hardest questions they have about how work gets done. Our platform monitors and protects some of the most important organizations in the world. We are backed by Sequoia Capital, Brightmind Ventures, IA Ventures and other top firms.

Northern America + 2 moreAll locations: Northern America | Western Asia (Middle East) | Australia and New Zealand
NTT Global Data Centers logo

Principal AI Security & Privacy Architect

NTT Global Data Centers

As the third largest data center provider, we operate over 150 data centers in more than 20 countries and regions. We understand that every business – large and small – has its own unique needs and goals. We offer local-to-global data center expertise, aligned with our connected platform of AI-ready data centers to create solutions that enable our clients to seamlessly scale their digital businesses, anywhere and anytime. NTT Global Data Centers is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment.

Full TimeRemoteTeam 501-1,000H1B No Sponsor

Role Description The Principal AI Security & Privacy Architect owns the security and privacy architecture for AI/ML-enabled products and enterprise AI platforms. This role partners across the enterprise to embed secure-by-design and privacy-by-design controls across the AI lifecycle — delivering trustworthy, compliant, audit-ready AI solutions, tailored to specific business needs. The ideal candidate brings a rigorous engineering foundation, deep governance experience, and the project leadership skills to drive cross-functional initiatives from scoping through delivery. Qualifications - Bachelor’s degree required — preferably in Computer Science, Information Security, Law, Privacy, Engineering, Governance/Risk Management/Compliance, or related discipline. - Certifications — Desired (any of the following): - CIPP/E, CIPP/A, CIPM, or CIPT (IAPP) — Data Privacy - AI Governance Professional (AIGP) (IAPP) — AI & Privacy combined - CISSP, CCSP, or equivalent — Information / Cloud Security - ISO 42001 Lead Implementer or Auditor — AI Management Systems Requirements - Senior-level experience (7+ years) in privacy, security, and product architecture with accountability for governance and risk decisions. - Demonstrated hands-on leadership of PIA/DPIA/TPRA and privacy-by-design assessments for AI/ML systems and enterprise data platforms. - Strong security engineering foundation including secure SDLC, application and product security, and threat and risk assessment methodologies. - Proven track record leading cross-functional projects with multiple stakeholders; familiarity with project management tools (e.g., Jira, Asana, MS Project) is required. Benefits - Base salary for this position is $171,200 - $244,500. - All regular full-time employees are eligible for an annual bonus; payout is dependent upon individual and company performance. - Employees receive paid time-off, medical, dental, and vision benefits, life and supplemental insurance, short-term and long-term disability, flexible spending account, and 401k retirement plan to create a rich Total Rewards package.

United States
$171.2K - $244.5K / year
Entrust logo

Sr. Security Compliance Analyst

Entrust

We are an innovative leader in identity-centric security solutions, providing integrated, AI-enabled offerings.

Full TimeRemoteTeam 1,001-5,000H1B Sponsor

Role Description Entrust is seeking a highly skilled Senior Security Compliance Analyst to lead and sustain compliance for multiple PCI DSS environments while supporting the maturity and execution of our SOC 2 program. This role is responsible for designing and executing continuous compliance monitoring activities, identifying gaps and leading associated remediation efforts, planning and leading third-party audits, and measuring control effectiveness across cloud-based, on-prem and hybrid environments. The ideal candidate brings deep PCI DSS expertise, strong SOC 2 familiarity, and modern GRC experience that enable scalable, automated, and evidence-driven compliance operations. This position partners closely with Security, Engineering, Product, and third-party providers to ensure controls are designed effectively, operating consistently, and aligned to business, statutory and regulatory expectations. How You Will Make an Impact - Lead and support end-to-end compliance efforts across multiple environments, including readiness assessments, audits, and continuous monitoring activities to ensure sustained security posture and audit readiness. - Responsibilities include, but are not limited to: - Leading PCI DSS compliance-related activities and certification; - Supporting the evolution and execution of the SOC 2 program, including control design, testing, and evidence collection; - Maintaining required evidence artifacts and ensuring traceability of evidence; - Interpreting and operationalizing security and compliance requirements into actionable control activities for engineering and operations; - Serving as SME for PCI DSS and SOC 2 compliance, advising internal teams and customers; - Partnering with control owners to ensure controls meet PCI DSS requirements and Trust Services Criteria (Security, Availability, Confidentiality, etc.); - Supporting external audits by preparing evidence, responding to auditor requests, coordinating audit activities, and tracking remediation; - Driving coordination with third parties (e.g., service providers, hosting partners) to ensure shared control alignment; - Ensuring audit readiness through continuous proactive gap assessments and control testing throughout the year; - Identifying, assessing, and communicating compliance and security risks to stakeholders; - Identifying, tracking, and driving closure of audit findings and control deficiencies; - Contributing to the development and maintenance of security policies, standards, and procedures. Qualifications - 5+ years in security compliance, audit, or GRC with a strong understanding of administrative, technical, and physical controls, including how they support one another. - Hands-on technical and audit experience with PCI DSS and SOC 2 compliance. - Ability to work across multiple time zones with virtual global teams. - Strong technical understanding of: - Cloud environments and shared responsibility models; - Access control, change management, logging and alerting, and vulnerability management and other security domains; - Experience working in SaaS or cloud-native environments; - Experience working cross-functionally with engineering and infrastructure teams. - Must be a US citizen. Preferred Qualifications - Experience supporting multiple compliance frameworks (PCI DSS, PCI CP, SOC 2, FedRAMP, ISO 27001, etc.). - Experience with modern GRC platforms and control automation. - Familiarity with continuous compliance / continuous monitoring models. - Certifications such as: CISSP, CISA, CISM, CRISC, PCI ISA/QSA/PCIP (preferred but not required). Benefits - Comprehensive health and well-being programs which include medical, vision, dental; - A generous 401(k) matching contribution; - Life and disability insurance; - Mental health coaching; - Virtual fitness programs; - Paid personal time off plus 12 paid holidays; - Parental leave and education reimbursement. Compensation Range The anticipated starting base pay for this position is: $119,078-$174,648 per year (in the primary posting location). Actual compensation will be determined based on geographic location, education, skills and experience. This position is also eligible for the company’s discretionary annual incentive plan. Ready to Make an Impact? If you’re excited by the prospect of innovating, growing your career, and collaborating in a dynamic environment, Entrust is the place for you. Join us in making a difference. Let’s build a more secure world—together. Apply today!

United States
$119.1K - $174.6K / year