ServiceNow Vulnerability Response (VR) Architect
VDart
AnywherePosted 20 hours ago
Job Title: ServiceNow Vulnerability Response (VR) Architect
Location: Seattle, WA (Remote)
Role Summary:
The ServiceNow Vulnerability Response Architect defines the overall technical and functional architecture for ServiceNow’s Vulnerability Response (VR) within the broader GRC/IRM ecosystem. This role ensures the solution is scalable, OOTB‑aligned, CMDB‑integrated, and ready for enterprise‑level integrations with vulnerability scanners, ITSM, and security tools.
Key Responsibilities:
Define the VR solution architecture and data flow for ingestion, prioritization, tracking, and remediation.Design the vulnerability ingestion, grouping, and remediation framework, including workflows, approvals, and integration points (e.g., Tenable, Qualys, Rapid7, Splunk).Define risk models, scoring logic, and SLA strategy based on CVSS, business criticality, threat intelligence, and CMDB‑derived context.Ensure CMDB alignment and CI attribution strategy so every vulnerability is tied to the right configuration item (CI), service, and business function.Guide developers and configuration teams on best‑practice VR configuration patterns (e.g., scoped apps, data models, automation, integrations).Review and approve technical design documents, configuration changes, and integration designs to maintain platform standards and security posture.Collaborate with GRC, IRM, ITSM, and security teams to ensure VR aligns with governance, risk, and compliance requirements.
Mandatory Skills:
ServiceNow CMDB – Deep experience linking vulnerabilities to CIs, services, and business assets.ServiceNow GRC/IRM – Strong understanding of Governance, Risk, and Compliance (GRC) and Integrated Risk Management (IRM) applications, including risk scoring, SLAs, and remediation workflows.Vulnerability Response (VR) Architecture – Hands‑on experience designing and implementing ServiceNow VR solutions.Integration & Automation – Experience with vulnerability‑scanner integrations, REST APIs, data ingestion pipelines, and automated remediation workflows.Security & Risk Modeling – Familiarity with risk‑based vulnerability management, CVSS, and business‑impact‑based prioritization.
Nice‑to‑Have Skills:
Experience with ServiceNow SecOps, Security Incident Response, or Threat Intelligence modules.Prior experience implementing GRC/IRM modules (Risk Management, Policy & Compliance, Vendor Risk Management).Working knowledge of security operations (SecOps), SOC, and vulnerability scanner ecosystems.Strong stakeholder‑management and communication skills for bridging security and IT leaders.
