Remote Technology Researcher

At ServiceNow, our technology makes the world work for everyone, and our people make it possible.

We move fast because the world cant wait, and we innovate in ways no one else can for our customers and communities...

By joining ServiceNow, you are part of an ambitious team of change makers who have a restless curiosity and a drive for ingenuity. We dream big together, supporting each other to make our individual and collective dreams come true.

With more than 7,700+ customers, we serve approximately 85% of the Fortune 500, and we're proud to be one of FORTUNE 100 Best Companies to Work For and World's Most Admired Companies. Learn more on Life at Now blog ( and hear from our employees ( about their experiences working at ServiceNow. At ServiceNow, we are committed to creating an inclusive environment where all voices are heard, valued, and respected. The Security Research team produces investigative reports that drive a reduction in operational security risk.

Paired with a toolkit of code/program and dynamic environmental analysis skills, Security Research provides guidance on primary security controls, best practices, and product enhancement. Exploration techniques focus on problems broadly, measuring product insecurity across ServiceNows cloud environment. A goal of the Security Research team is to continually improve ServiceNows cloud security reputation.

• *As a Security Researcher, youll be responsible for security auditing of ServiceNow products and researching the nuances of securing SaaS platforms, together with other members of the Security Research team. This will require an in-depth knowledge of various approaches to application auditing including secure code review, static analysis, debugging, dynamic web application analysis and threat modeling. Youll work closely with product engineering teams to assist with providing investigative reports for remediation and platform roadmap planning.
• *Perform software auditing services to discover, communicate, and recommend remediation activities for software vulnerabilities, including: + Performing tailored software security investigations to identify and report on areas and sources of risk
• Devising actionable, tailored remediations and recommendations focused on reducing risk
• Proactively research attack vectors that may affect ServiceNow
• Perform public-facing research demonstrating technical security expertise, such as through blog posts, technical security advisories, open-source code publication, and whitepapers
• Work with engineering teams on platform roadmap planning
• *3-4 years of experience of web application security auditing including code review
• Strong verbal and written communication skills with an emphasis on application remediation processes
• Experience in security auditing and code review of Java and JavaScript
• Developer-level proficiency in at least one language
• Python, Java, and JavaScript preferred
• Strong understanding of web application security assessment techniques
• In-depth knowledge of common web application vulnerabilities (OWASP Top Ten)
• Experience in software and SaaS platform threat modeling strongly preferred
• Knowledge of software supply chain risk and mitigation preferred
• Experience with Python Data Science and Machine Learning frameworks preferred
• Experience with network and system security hardening recommended
• Degree in computer science/engineering, informatics, mathematics/statistics, or equivalent work experience
• Offensive Security OSWE and/or OSCP certification(s) preferred ServiceNow is an Equal Employment Opportunity Employer.

All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law. At ServiceNow, we lead with flexibility and trust in our distributed world of work.

Click here ( to learn about our work personas: flexible, remote and required-in-office.

If you require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at talent.acquisition@servicenow.

For positions requiring access to technical data subject to export control regulations, including Export Administration Regulations (EAR), ServiceNow may have to obtain export licensing approval from the U.All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by the U.All genuine ServiceNow job postings can be found through the ServiceNow Careers site ( . Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, ServiceNow