Lead Software Engineer - ServiceNow (Cybersecurity)
Indexed description
- Experience leading design and development of ServiceNow SecOps solutions, including Security Incident Response (SIR), Major Security Incident Management (MSIM), and Service Catalog capabilities.
- Preferred experience leading design and development of Vulnerability Response / Unified Security Exposure Management (USEM) capabilities.
- Serve as technical lead and subject matter expert for ServiceNow SecOps, establishing and promoting best practices across cybersecurity operations workflows and platform implementations.
- Architect and implement end-to-end cybersecurity workflows, including incident intake, triage, investigation, containment, remediation, and closure processes.
- Design and maintain SIR workflows to support detection, enrichment, correlation, and response for security incidents.
- Lead implementation and optimization of USEM / Vulnerability Response processes, including vulnerability ingestion, prioritization, assignment, remediation tracking, and reporting.
- Integrate ServiceNow SecOps modules with external cybersecurity tools (e.g., SIEM, scanners, threat intelligence platforms) to enable automated data ingestion and response.
- Define and enforce cybersecurity workflow standards, including data models, severity/priority frameworks, SLAs, documentation standards, and audit requirements.
- Provide hands-on mentorship and technical coaching to engineers on ServiceNow SecOps development, scripting, workflow design, and documentation practices.
- Lead code reviews, design sessions, and troubleshooting efforts to ensure high-quality, secure, and scalable implementations.
- Partner with cybersecurity, risk, and infrastructure teams to align platform capabilities with enterprise cybersecurity strategy and policies.
- Configure and manage assignment groups, escalation paths, and approval processes for cybersecurity incidents, vulnerabilities, and commensurate operations.
- Drive adoption of automated response and orchestration patterns to reduce manual effort and improve response times.
- Ensure solutions meet security, compliance, and regulatory requirements, including auditability, traceability, and data protection standards.
- Oversee workflow performance and operational metrics (e.g., mean time to detect/respond, SLA adherence, remediation timelines) and drive continuous improvement.
- Support development and enhancement of Service Catalog items for security services, enabling standardized intake and request fulfillment.
- Collaborate with product owners, architects, and stakeholders to translate security requirements into scalable, technical solutions within Agile delivery practices.
- Contribute to platform strategy and roadmap, including expansion of ServiceNow SecOps capabilities and reduction of fragmented tooling.
- Communicate technical designs, risks, and decisions clearly to technical and non-technical stakeholders, including leadership during major incidents.
- Promote a culture of security-first engineering, continuous improvement, knowledge sharing, and Agile execution across the team.
- Produce professional documentation, commensurate with work efforts, following SDLC best practices.
- Associate’s degree and a minimum of 7 years’ systems analysis and/or application development work experience or Bachelor's degree and a minimum of 5 years' systems analysis and/or application development work experience. In lieu of a degree, a combined minimum of 9 years’ education and/or relevant work experience, including a minimum of 5 years’ systems analysis and/or application development work experience
- Expert proficiency in at least one programming language and professional proficiency in at least one additional programming language, with hands-on experience in ServiceNow platform development (server-side and client-side scripting)
- Extensive experience developing and implementing ServiceNow SecOps solutions, including Security Incident Response (SIR), Vulnerability Response / Unified Security Exposure Management (USEM), and Service Catalog
- Proven experience designing and delivering complex security workflows, including incident triage, investigation, escalation, containment, remediation, and closure processes
- Strong understanding of cybersecurity concepts, including incident response lifecycle, vulnerability management, threat detection, and risk-based prioritization of issues
- Experience integrating ServiceNow with security tools (e.g., SIEM, vulnerability scanners, SOAR platforms) to support automated ingestion, enrichment, and response workflows
- Experience designing and implementing workflow-based solutions with approvals, SLAs, escalation paths, task orchestration, and lifecycle management
- Strong understanding of ServiceNow platform architecture, data model, and best practices for secure and scalable implementations
- Experience leading development efforts and guiding implementation of reusable, automated, and scalable security process solutions
- Experience with source control, CI/CD pipelines, and deployment processes aligned to SDLC and security/compliance requirements
- Strong ability to translate cybersecurity and business requirements into secure, scalable, and maintainable technical solutions
- Advanced troubleshooting and debugging skills within ServiceNow SecOps or similar security and workflow platforms
- Expert analytical and problem-solving skills specific to cybersecurity, incident response, and vulnerability management
- Proven experience leading technical initiatives and delivering complex security workflow solutions across multiple teams
- Experience mentoring and coaching engineers on ServiceNow SecOps development, security workflows, and platform best practices
- Experience designing enterprise-scale security workflow architectures, including major incident management (MSIM), incident escalation, and coordinated response processes
- Strong experience partnering with cybersecurity, risk, infrastructure, and application teams to implement integrated security solutions
- Experience implementing automated response and orchestration patterns (e.g., SOAR integrations, automated remediation workflows)
- Familiarity with security frameworks, regulatory requirements, and audit practices (e.g., incident tracking, evidence collection, traceability)
- Experience working with vulnerability management programs, including prioritization, SLA tracking, and remediation lifecycle management
- Strong organizational, time management, and advanced communication skills, including ability to present to both technical and non-technical stakeholders
- Experience driving adoption of standards, automation, and secure engineering practices across teams
- ServiceNow Certified System Administrator (CSA)
- ServiceNow Certified Application Developer (CAD)
- ServiceNow Certified Implementation Specialist – Security Incident Response (CIS-SIR)
- ServiceNow Certified Implementation Specialist – Vulnerability Response (CIS-VR) or equivalent (USEM-aligned)
- ServiceNow Certified Implementation Specialist – IT Service Management (CIS-ITSM)
- Security certifications such as CISSP, CISM, CEH, or Security+
- Automation / SOAR or cloud security-related certifications
- Competitive compensation
- Health, welfare, and retirement benefits
- 401(k) match at 5%
- Work-life balance and flexible work arrangements
- Banking Officers start with 25 days PTO plus 12 paid holidays
- 40 hours paid volunteer hours per year
- Much more. For details, see: M&T Benefits Overview
Location
Buffalo, New York, United States of America
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search