ServiceNow provides cloud-based services that automate enterprise information technology operations. As an employer, ServiceNow offers a challenging, collaborat
Sr Product Security Engineer
Location
Israel
Posted
1 day ago
Salary
0
Seniority
Senior
Job Description
Sr Product Security Engineer
ServiceNow
Company Description It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone-freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow- helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started. Join us to put AI to work for people. Job Description What you get to do in this role: ServiceNow's Product Security organisation is building a dedicated Security R&D function - a software engineering team that builds security capabilities with the same engineering standards as ServiceNow's product organisation. We are looking for a Senior Security Engineer to join this team as a core builder. Security R&D operates in two complementary modes: open contribution to product engineering - writing code alongside product teams where security expertise adds value - and developing its own security capabilities, including internal tooling, externally facing product features, AI-powered security automation, and third-party integrations. This is a new team being stood up in Petah Tikva, Israel, co-located with ServiceNow's AI Security Research team. You will be part of the founding engineering team, with the opportunity to shape the technical culture from the ground up. This role reports to the Sr. Engineering Manager, Security R&D. What You Will Do Write Code That Secures the Platform - Develop security tooling, automation, and services as part of the Security R&D team's core engineering output. - Contribute code to ServiceNow product engineering codebases, working alongside product teams to embed security capabilities directly into the platform. - Build integrations with AI-powered services - both in-house and third-party - to automate and scale security workflows. - Write clean, tested, production-quality code that meets enterprise standards for reliability and performance. Collaborate and Learn - Work alongside senior engineers and the AI Security Research team, learning the security domain while contributing strong software engineering fundamentals. - Participate in code reviews, design discussions, and sprint ceremonies, contributing to the team's engineering culture from day one. - Partner with product engineering teams during open contribution engagements, building relationships through quality work. Grow Your Impact - Develop deep expertise in security engineering and AI security as a member of a team that operates at the cutting edge of both fields. - Take increasing ownership of components and features as you ramp up, with a clear path to broader technical leadership. - Stay curious about emerging AI/ML technologies and contribute ideas for how Security R&D can leverage them. What Makes This Role Unique - Builder-led culture: Security R&D is defined by engineering output, not advisory reviews. We build production security capabilities with the same discipline as product engineering. - Dual operating model: The team both contributes directly to product engineering and develops its own security products and services. - Platform advantage: ServiceNow owns the entire stack - runtime, ACLs, data layer, workflow engine. You will build security capabilities that no external vendor can replicate. - Founding team: This is a new team being built from scratch. You will shape its engineering culture, technical standards, and identity from day one. - AI intersection: The role sits alongside the AI Security Research team, placing you at the frontier of securing AI systems at enterprise scale. Qualifications To be successful in this role, you have: - 5+ years of professional software engineering experience building production systems. - Bachelor's degree in Computer Science, Engineering, or a related technical field. - Strong hands-on proficiency in Python and Java. You are a software engineer first - writing production code is what you do. - Solid understanding of software engineering fundamentals: data structures, algorithms, system design, testing, and CI/CD practices. - Experience building services or applications in cloud environments with an understanding of scalability and reliability principles. - Collaborative mindset - you thrive in team environments, contribute to shared codebases, and communicate effectively with other engineers. - Passion for next-generation AI technologies and a desire to work at the intersection of software engineering and security. Deep security or AI expertise is not required - we will invest in your growth in both areas. Preferred - Any exposure to security concepts - application security, secure coding practices, vulnerability management, or security tooling. - Familiarity with AI/ML concepts, LLMs, or experience integrating AI services into applications. - Experience with container/Kubernetes environments or cloud-native development (AWS preferred). - Experience in a SaaS or enterprise software environment. - Demonstrated learning agility - a track record of quickly ramping up in new technical domains. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license. .
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Information Systems Security Manager
Tetra TechEstablished in 1996, Tetra Tech is a global provider of consulting, technical, and engineering services and employs a diverse team of scientists, engineers, con
Title: Information Systems Security Manager (ISSM) Location: San Antonio United States Job Description: Position Summary: Segue Technologies is seeking an Information Systems Security Manager (ISSM) to support an Authorization to Operate (ATO) effort on a U.S. Air Force Salesforce program. Candidates will lead controls definition, documentation, evidence collection, and interface with government stakeholders to support approval activities. This is a full-time remote position; occasional travel may be required (<10%). This position is contingent upon contract award. Job Duties and Responsibilities: - Own RMF controls documentation and evidence submission for the program ATO package, inheriting from an existing platform-level SIA. - Define and document security controls applicable to a Salesforce Government Cloud Plus Defense (IL-5/Hyperforce Gov) environment. - Coordinate with government counterparts on control review, approval gates, and ATO milestones. - Support continuous monitoring requirements and prepare artifacts for AO review. - Identify control gaps and work with the engineering team to remediate findings. Required Skills : - Bachelor’s Degree or equivalent and 5+ years of related experience. - 5+ years of cybersecurity / RMF experience on DoD programs. - Direct experience with DoD RMF (NIST 800-53, eMASS or equivalent ATO tooling). - Ability to communicate technical controls requirements to both government stakeholders and engineering teams. - Demonstrated ability to make decisions by assessing the situation to determine the importance, urgency, and risks, and making clear decisions which are timely and in the best interest of the organization. - Experience obtaining ATO(s) for modern, cloud-based SaaS in DoD/W required, Salesforce-specific ATO experience preferred. - Strong familiarity with Federal compliance standards such as NIST 800-53, FIPS, FedRAMP. - IAT Level II Certification required (CompTIA Security+, GSEC, SSCP, or CCNA-Security) OR Active Security +, CAP, CASP or CISSP certification - Must hold or be able to pass a Federal Background investigation to obtain a T1 (also known as Public Trust or NACI). Additional Desired Skills : - Salesforce experience - Familiarity with aircrew LMS systems (PEX, GTIMS, Puckboard) - Active DoD Secret Clearance (ability to obtain) Our compensation package includes: Competitive Annual Salaries, Rewards and Recognition Program, Employee Stock Purchase Plan, Time Off with Pay (MyFlex Time) that Increases with Seniority, Life and Disability Insurance, 401K Retirement Plan with Employer Contribution, Dental, Vision, and Health Insurance, Flexible Spending Account, Tuition and Training Reimbursement. Segue Technologies is a wholly owned subsidiary of Tetra Tech, Inc. Segue is based out of Arlington, VA, with a presence in over 14 states and DC. We support Federal and DoD organizations to develop and enhance mission-critical business systems. We provide custom software applications, solve data management problems, and support the evolution of the mobile workforce. Segue Technologies, Inc. is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Additional Information - Organization: 132 SEG - Requisition #13200000109
• Act as an Okta SME, providing guidance on identity security, Zero Trust, governance, authentication and authorisation strategies. • Lead discovery workshops, identity assessments, architecture reviews and solution design sessions. • Design and deliver proof-of-concepts, demonstrations and presentations for technical and executive stakeholders. • Translate business, security and compliance requirements into scalable identity solutions. • Design and support solutions across SSO, MFA, Lifecycle Management, Identity Governance, Privileged Access, Auth0 and Identity Threat Protection. • Develop architecture documentation, implementation guides and customer-facing technical artefacts. • Support pre-sales activities, technical responses, implementation planning and service development initiatives. • Contribute to repeatable service offerings including Identity Assessments, Identity Modernisation programs, Governance Reviews, Identity Health Checks and Zero Trust roadmaps.
Staff Product Marketing Manager – Quantum Networking, Security
IonQOur mission: to build the world’s best quantum computers to solve the world’s most complex problems.
• Own, define, and evolve the narrative, positioning, and messaging for Quantum Networking & Security products across customer segments and buyer personas • Lead go-to-market strategy and launch execution across Quantum Networking & Security products • Partner closely with product management and technical leadership to influence launch prioritization and roadmap communication • Develop and maintain customer-facing and internal content, including messaging frameworks, thought leadership, web copy, sales enablement assets, case studies, and solution narratives • Own and continuously evolve Quantum Networking & Security AI-enabled go-to-market systems • Leverage AI-enabled workflows to accelerate content creation • Drive cross-functional alignment across product, engineering, sales, corporate marketing, and enablement • Own competitive and market intelligence tracking competitors, market shifts, trends, and emerging category dynamics • Serve as the voice of the customer within the organization • Partner with sales enablement to support battle cards, objection handling, training materials, demos, and strategic deal support for complex enterprise and government opportunities • Support the development of scalable product marketing processes, frameworks, and operational infrastructure as the Quantum Platform organization grows.
Information System Security Manager
Koniag Government Services, LLCKoniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies.
Role Description Koniag IT Systems, LLC, a Koniag Government Services company, is seeking an experienced Information System Security Manager (ISSM) to join a team supporting Identity, Credential, and Access Management (ICAM) solutions built on the Okta platform for our government customers. The ideal candidate is a seasoned cybersecurity professional with a strong background in information system security management, risk management frameworks, and hands-on familiarity with Okta-based identity and access management solutions in a federal environment. This individual will serve as the primary security authority for Okta-based ICAM systems, ensuring that all security requirements, compliance obligations, and risk management activities are effectively planned, implemented, and maintained. The Okta ISSM will serve as the primary information system security authority for Okta-based ICAM systems and solutions operating within a federal government environment. This individual will be responsible for managing all aspects of the information security program for assigned systems, including: - Authorization and accreditation activities - Continuous monitoring - Risk management - Security compliance Principal responsibilities will include but are not limited to: - Serve as the primary ISSM for Okta-based ICAM systems, maintaining responsibility for the overall security posture, compliance, and risk management of assigned information systems. - Lead and manage the Authority to Operate (ATO) process for Okta-based ICAM systems, including the development, maintenance, and submission of all required security documentation such as System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), and Plans of Action and Milestones (POA&Ms). - Implement and manage the NIST Risk Management Framework (RMF) across all phases of the system lifecycle for assigned Okta-based ICAM systems, including categorization, security control selection, implementation, assessment, authorization, and continuous monitoring. - Develop, maintain, and enforce information security policies, procedures, and standards for Okta-based ICAM systems in alignment with federal requirements and organizational directives. - Conduct and oversee continuous monitoring activities, including regular security control assessments, vulnerability scans, log reviews, and security audits of Okta environments. - Review and assess Okta platform configurations, authentication policies, access controls, and integration settings to ensure alignment with security baselines and federal security standards. - Collaborate with Okta administrators and ICAM engineers to identify and remediate security vulnerabilities, misconfigurations, and compliance gaps within the Okta environment. - Manage and track POA&Ms to ensure timely and effective remediation of security findings and vulnerabilities identified through assessments, audits, and continuous monitoring activities. - Review, assess, and approve or deny change requests affecting the security posture of Okta-based ICAM systems, participating in change management processes and change control boards (CCBs) as required. - Coordinate with the Authorizing Official (AO), Information System Security Officers (ISSOs), and other security stakeholders to communicate system security status, risks, and recommendations. - Support incident response activities related to Okta-based ICAM systems, including security event investigation, containment, remediation, and after-action reporting. - Develop and deliver security awareness and training materials related to Okta ICAM security requirements and best practices for system users and administrators. - Ensure compliance with applicable federal laws, regulations, and policies, including FISMA, FedRAMP, OMB Circulars, and agency-specific security directives. - Maintain accurate and up-to-date system security documentation and artifacts within designated governance, risk, and compliance (GRC) tools. - Provide security guidance and recommendations to program managers, system owners, and technical teams on matters related to Okta ICAM security architecture and design. Qualifications - Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field from an accredited college or university; equivalent work experience may be considered in lieu of a degree. - 5+ years of experience in information system security management, cybersecurity, or a related field within a federal government IT environment. - 3+ years of experience working with the NIST Risk Management Framework (RMF) and supporting ATO processes for federal information systems. - Demonstrated familiarity with Okta or comparable identity and access management platforms. Requirements - Active Secret Clearance required. - Exceptional communication skills in English – both written and oral – with the ability to communicate complex security concepts effectively to both technical and non-technical audiences, including senior government leadership and authorizing officials. - Deep knowledge and hands-on experience implementing the NIST Risk Management Framework (RMF), including all phases from system categorization through continuous monitoring. - Demonstrated experience developing and maintaining federal security documentation, including SSPs, SARs, RARs, POA&Ms, and contingency plans. - Strong understanding of federal information security laws, regulations, and policies, including FISMA, FedRAMP, NIST SP 800-53, NIST SP 800-37, and OMB Circulars. - Familiarity with Okta platform capabilities, including SSO, MFA, Universal Directory, Lifecycle Management, and API Access Management, and the ability to assess their security configurations against established baselines. - Knowledge of ICAM frameworks and federal identity management standards, including FICAM, NIST SP 800-63, and Zero Trust Architecture principles. - Experience conducting or overseeing continuous monitoring activities, including vulnerability scanning, log analysis, and security control assessments. - Strong understanding of information security concepts including access control, authentication, encryption, audit logging, and incident response. - Experience managing and tracking POA&Ms and coordinating remediation activities with technical teams. - Ability to assess and communicate security risks, develop risk mitigation strategies, and brief findings to government stakeholders and authorizing officials. - Experience participating in change management processes and evaluating the security impact of proposed changes to information systems. - Proficiency with governance, risk, and compliance (GRC) tools such as XACTA, eMASS, or equivalent platforms. - Demonstrated ability to manage multiple priorities and work effectively in a fast-paced, team-oriented environment. Desired Skills and Competencies - Experience serving as an ISSM or ISSO for cloud-hosted or SaaS-based federal information systems, particularly those leveraging FedRAMP-authorized platforms. - Okta Certified Administrator, Okta Certified Professional, or equivalent Okta certification. - Hands-on experience administering or supporting Okta environments, including configuration review and security hardening. - Familiarity with additional ICAM platforms such as SailPoint, CyberArk, Ping Identity, or ForgeRock and their associated security considerations. - Experience supporting or leading FedRAMP authorization processes for cloud-based systems. - Knowledge of Privileged Access Management (PAM) concepts and associated security requirements. - Understanding of PIV/CAC authentication and its integration within federal ICAM architectures. - Experience with SIEM platforms and security monitoring tools for detecting and investigating identity-related security events. - Familiarity with Zero Trust Architecture implementation and its intersection with ICAM security requirements. - Certified Information Systems Security Professional (CISSP) certification. - Certified Information Security Manager (CISM) certification. - CompTIA Security+ or equivalent certification. - Experience with cloud security frameworks and the security considerations associated with AWS, Azure, or Google Cloud environments. - Familiarity with DevSecOps practices and the integration of security requirements into CI/CD pipelines involving identity services. Benefits - Competitive compensation - Extraordinary benefits package including health, dental, and vision insurance - 401K with company matching - Flexible spending accounts - Paid holidays - Three weeks paid time off - And more



