10+ Best Remote Cyber Security Jobs (Hiring Now)

DESCRIPTION

Vault Health is a leading virtual-first healthcare platform that specializes in delivering remote diagnostics and specialty care to consumers directly, through their employers, and through their local public health agencies. Vault also leverages its virtual platform to facilitate decentralized clinical trials for companies in the Pharmaceutical and Biotech industries. Vault is a leading provider of at-home FDA-approved COVID-19 testing in the U.S., whose solution has been deployed to numerous local and state governments, airlines, universities, professional athletic teams, companies, and organizations. Today, Vault employs more than 500 employees across the country and expects to continue growing as we expand our products and services.

About the Opportunity

This is a 100% remote position. 

• Architects, designs, implements, maintains and operates information system security controls and countermeasures; supervises and trains operators in the administration of these systems; documents the operation, use, and expected outputs of these systems.
• Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and provides oversight to ensure compliance.
• Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and provides oversight to ensure compliance.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends to IT or executive management.
• Oversees the response to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; engages, interacts and coordinates with third-party incident responders, including law enforcement.
• Oversees the administration of authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; oversees risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
• Analyzes and oversees the development of information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
• Oversees the development and administration of information security training and awareness programs.
• Works closely with Engineering and DevSecOps to design best practice and implementation to Cloud Security

About You

• 8 - 10 years years of experience in Information Security/Cyber Security with 3 years in Security Architect role
• 5-7 years experience designing and implementing security controls for single web architect
• Strong experience interacting with DevSecOps team members, working in agile, rapid CI/CD programs, and technologies including microservices, containerized deployments and multiple data sources and repositories
• AWS experience preferred, familiarity with ECS, EKS, Kubernetes is a bonus
• Extensive experience in SAAS
• Experience with HIPAA and SOC2, NIST is a plus
• Experience in Healthcare or other highly regulated industries 
• Bachelors' Degree in Info Sec, Cyber Security or Comp Sci, master's degree preferred
• SANS certification-  ISC2 certification highly desired

Vault Health is an equal opportunity employer. All applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, disability, or veteran status.

LOCATIONS

Anywhere

Apply for this job

DESCRIPTION

Vault Health is a leading virtual-first healthcare platform that specializes in delivering remote diagnostics and specialty care to consumers directly, through their employers, and through their local public health agencies. Vault also leverages its virtual platform to facilitate decentralized clinical trials for companies in the Pharmaceutical and Biotech industries. Vault is a leading provider of at-home FDA-approved COVID-19 testing in the U.S., whose solution has been deployed to numerous local and state governments, airlines, universities, professional athletic teams, companies, and organizations. Today, Vault employs more than 500 employees across the country and expects to continue growing as we expand our products and services.

About the Opportunity

We're looking for a Sr. Associate of Product Security (fully remote) to join our team. You'll perform various functions, including being responsible for the overall implementation of security cloud architecture in an organization. You'll also help to improve and develop new designs and security strategies across all types of cloud-based applications (including infrastructure, platform, and software as a service).

Responsibilities:

• Designs, develop and implements new cloud security technologies to support business and technology solutions    
• Review and assess the current supported tools, apps and processes to determine gaps for meeting the needs of the stakeholders
• Design and implement changes to existing security tools, applications and processes based on changes in scope or needs
• Create process documents for operations, maintenance and integrating output from these tools into daily security operations
• Responsible for the thorough documentation of implementations, via technical documentation and run-books
• Responsible for input and feedback on security architectures
• Apply adept understanding and experience with systems automation platforms and technologies
• Partake in efforts that shape the organization’s security policies and standards for use in cloud environments
• Interpret security and technical requirements into business requirements and communicate security risks to relevant stakeholders ranging from business leaders to engineers
• Assist and influence multi-disciplinary teams in implementing and operating Cyber Security controls
• Collaborate with application developers and database administrators to deliver creative solutions to difficult technology challenges and business requirements
• Execute security architectures for product & platform systems; execute integration with monitoring/alerting systems.
• Responsible for automating security controls, data and processes to provide improved metrics and operational support
• Employ cloud-based APIs when suitable to write network/system level tools for safeguarding cloud environments
• Stay abreast of emerging security threats, vulnerabilities and controls
• Spot and execute new security technologies and best practices into the company’s product and platform offerings

About You

Qualifications:

• Bachelor’s degree in Computer Science, Electrical/Electronic Engineering, Information Technology or another related field
• 3 years experience in security 
• AWS security, CCSK or similar certifications 

Vault Health is an equal opportunity employer. All applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, disability, or veteran status.

LOCATIONS

Anywhere

Apply for this job

DESCRIPTION

This Senior Security Engineer, Trust and Safety position is 100% remote.

It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. With more than 1,200 team members in 65+ countries, GitLab is a place where you can contribute from almost anywhere. We are an ambitious, productive team that embraces a set of shared ​values​ in everything we do.

The Trust & Safety team are the guardians of the anti-abuse world, who develop the tools and manage the workflows to mitigate abusive activity on GitLab.com with the goal of making the internet a safer place. In order to achieve this we must ensure that we are good internet citizens.

The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. In addition, you'll have $10k USD per year to go towards your growth and development.

You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.

Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.

What you'll do in this role

• Triage and respond to Trust and Safety related incidents originating from GitLab.com
• Assess and integrate new tools and technologies, particularly open-source, in order to improve our operational efficiencies
• Assist with training and onboarding of new team members
• Assist with operational tasks if needed. Examples Include: Processing abuse reports, mitigating active and/or ongoing abusive activity
• Develop systems to detect abusive activity on GitLab.com
• Code reviews related to Trust and Safety tooling
• Identify possible new abuse vectors and communicate them to the relevant stakeholders
• Utilize log ingestion platforms for analyzing and identifying the tactics, techniques and patterns of abusive users
• Contribute to the creation of documentation and runbooks
• Contribute to the production and tuning of anti-abuse detection and mitigation tooling
• Triage and handle escalated issues independently
• Conduct architecture reviews on Trust and Safety tooling/systems
• Interview security candidates during the hiring process*

You should apply if you bring:

• Significant professional experience in Software Engineering with some experience in web or cloud security or abuse detection
• A minimum of 2 years experience working with incident response
• Excellent written and verbal communication skills
• Capability to build working relationships with key stakeholders
• Experience with operating system internals, web applications and browser security
• Experience using log analysis platforms such as ELK, BigQuery, etc
• Familiarity with Google Cloud Platform (GCP), AWS, and/or Azure

Also, we know it’s tough, but please try to avoid the ​​confidence gap​.​​ You don’t have to match all the listed requirements exactly to be considered for this role.

Our hiring process for this Senior Security Engineer, Trust and Safety position typically follows four stages. The details of this process and our leveling structure can be found on our job family page.

Remote-APAC

Country Hiring Guidelines

Please visit our Country Hiring Guidelines page to see where we can hire.

LOCATIONS

Anywhere

Apply for this job

DESCRIPTION

This Security Engineer, Incident Response, or Senior Security Engineer, Incident Response position is 100% remote.

It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. With more than 1,200 team members in 65+ countries, GitLab is a place where you can contribute from almost anywhere. We are an ambitious, productive team that embraces a set of shared ​values​ in everything we do.

As a Security Engineer in our Security Incident Response Team, you'll be at the forefront of our security. You'll maintain a safe and secure operating environment for our organization, respond to active security incidents, and build & maintain the tools we use to detect and respond to emerging threats.

The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.

Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.

What you'll do in this role

• Detect and respond to company-wide security incidents, coordinating cross-functional teams to mitigate and eradicate threats
• Monitor and analyze emerging threats, vulnerabilities, and exploits
• Develop and implement scalable preventative security measures (detection, monitoring, exploitation)
• Incorporate current security trends, advisories, publications, and academic research
• Communicate risks and mitigations across multiple audiences
• Detect and respond to basic security incidents across the organization or GitLab.com
• Implement and monitor security measures for the protection of corporate and production infrastructure
• Utilize log ingestion platform for security analytics and identification of tactics, techniques, and patterns of attackers
• Contribute to the creation of runbooks
• Contribute to the production and tuning of detection rules
• Participate in the Security Engineer On-Call rotation
• Digital forensics & incident response (DFIR)
• Identify and mitigate complex security vulnerabilities before an attacker exploits them

As a Senior Security Engineer, you will also

• Detect and independently respond to security incidents across the organization or GitLab.com
• Conduct proactive threat hunting based on threat intel
• Perform forensic analysis of infected hosts independently
• Analyze network traffic and identify attacker activity
• Mentor other members of the Security Incident Response Team
• Build and maintain scalable log ingestion and analytics platforms and tooling
• Perform root cause analysis (RCA) and incident reviews

You should apply if you bring:

• A minimum of 2 years experience working with incident response
• Good written and verbal communication skills
• Experience using log analysis platforms such as Splunk, ELK, bigquery, etc
• Familiarity with Google Cloud Platform (GCP), AWS, and/or Azure
• A substantial engineering mindset and a desire to utilize automation wherever possible!

If applying as a Senior, you should apply if you bring:

• 5+ years of demonstrated experience in web, cloud security, or system engineering, and/or penetration testing
• A minimum of 2 years experience working with incident response
• Excellent written and verbal communication skills
• Capability to build working relationships with key stakeholders
• Experience with operating system internals and hardening, web application and browser security, and monitoring and intrusion detection

Also, we know it’s tough, but please try to avoid the ​​confidence gap​.​​ You don’t have to match all the listed requirements exactly to be considered for this role.

Our hiring process for this Security Engineer, Incident Response position typically follows six stages. The details of this process and our leveling structure can be found on our job family page.

Remote-North America

Remote-EMEA

Remote-US

Country Hiring Guidelines

Please visit our Country Hiring Guidelines page to see where we can hire.

LOCATIONS

Anywhere

Apply for this job

DESCRIPTION

This Security Analyst, Trust and Safety position is 100% remote.

It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. With more than 1,200 team members in 65+ countries, GitLab is a place where you can contribute from almost anywhere. We are an ambitious, productive team that embraces a set of shared ​values​ in everything we do.

The Trust & Safety team are the guardians of the anti-abuse world, who develop the tools and manage the workflows to mitigate abusive activity on GitLab.com with the goal of making the internet a safer place. In order to achieve this we must ensure that we are good internet citizens.

The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. In addition, you'll have $10k USD per year to go towards your growth and development.

You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.

Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.

What you'll do in this role

• Process abuse reports and DMCA notices relating to GitLab.com
• Contribute to the creation of documentation, runbooks and workflows
• Mitigate detected abusive activity on GitLab.com and it's related products and services
• Manage internal requests from other teams inside and outside the Security Department
• Assit with the creation and updates of runbooks, processes and workflows
• Utilize log ingestion platforms for analyzing and identifying the tactics, techniques and patterns of abusive users

You should apply if you bring:

• A minimum of 2 years experience working in either a Security, Data, or Trust and Safety (anti-abuse) Analyst type role
• Good written and verbal communication skills
• Basic experience using log analysis platforms such as ELK, bigquery, etc
• Familiarity with security and abuse concepts

Also, we know it’s tough, but please try to avoid the ​​confidence gap​.​​ You don’t have to match all the listed requirements exactly to be considered for this role.

Our hiring process for this Senior Security Engineer, Trust and Safety position typically follows four stages. The details of this process and our leveling structure can be found on our job family page.

Country Hiring Guidelines

Please visit our Country Hiring Guidelines page to see where we can hire.

LOCATIONS

Anywhere

Apply for this job

DESCRIPTION

You will be responsible for helping drive the security of Twitter’s Cloud infrastructure. You will help identify and manage risks and work with partner teams to reduce and manage them. You will design, advocate, and help build secure-by-default infrastructure that closes off entire classes of security problems.

As a security engineer, you will:

• Model and identify potential risks in designs, configuration, code, or deployed systems along with designing and implementing mitigation options.
• Identify the trade-offs necessary between security and engineering velocity.
• Drive infrastructure directions, configurations, and solutions in collaboration with other teams.
• Use data to drive identification of risk areas and solutions.
• Analyze the security of systems via testing.
   

Qualifications

You care about security and building a secure environment for the people using Twitter everyday. You are curious, and have experience with the tools of the trade, comfortable digging into the details, and eager to help others protect our systems. Ideally, you have most of the following:

• 2 or more years of relevant experience (other jobs, grad school, etc) in information security including topics such as infrastructure security, pentesting, vulnerability management, or security research.
• 3 or more years of experience working with GCP in a production environment.
• Experience with deploying, configuring, and managing cloud infrastructure with at-least 5,000 distinct resources.
• Have built and operated cloud security infrastructure including policy, scanning, detection, and log analysis.
• Knowledge of at least one of: Go, Python, or Java.
• Undergraduate degree or equivalent (engineering, social sciences, arts, etc. are all fine)
   

Company Description

Twitter is what’s happening and what people are talking about right now. For us, life's not about a job, it's about purpose. We believe real change starts with conversation. Here, your voice matters. Come as you are and together we'll do what's right (not what's easy) to serve the public conversation.

LOCATIONS

United States

Apply for this job

DESCRIPTION

You will be responsible for helping drive the security of Twitter’s macOS and iOS device fleets. You will help identify and manage risks and work with partner teams to reduce and manage them. You will design, advocate, and help build secure-by-default infrastructure that closes off entire classes of security problems.

As an security engineer, you will:

• Model and identify potential risks in designs, configuration, code, or deployed systems along with designing and implementing mitigation options.

• Identify the trade-offs necessary between security and engineering velocity.

• Help drive infrastructure directions and solutions in collaboration with other teams.

• Use data to drive identification of risk areas and solutions.

• Analyze the security of systems via testing.

Qualifications

You care about security and building a secure environment for the people using Twitter everyday. You are curious, and have experience with the tools of the trade, comfortable digging into the details, and eager to help others protect our systems. Ideally, you have most of the following:

• 1 or more years of relevant experience (other jobs, grad school, etc) in information security including topics such as infrastructure security, pentesting, vulnerability management, or security research.

• 2 or more years of experience supporting or managing macOS or iOS devices in a corporate environment. Prior IT experience counts.

• Undergraduate degree or equivalent (engineering, social sciences, arts, etc. are all fine)

• You are familiar with macOS and iOS and their security features.

• You have worked with MDM and management systems for macOS and iOS such as JAMF, Workspace ONE, or similar systems.

• You have worked with configuration management systems such as Chef or software distribution systems such a Munki.

• You are able to work closely with IT and other teams dedicated to supporting macOS or iOS devices, and to help these teams understand and mitigate security risks in these systems.

• You are able to understand the needs of end users, and how these needs will be impacted by or might constrain security solutions on macOS or iOS devices.

• Knowledge of at least one of: Go, Python, or Java.

Company Description

Twitter is what’s happening and what people are talking about right now. For us, life's not about a job, it's about purpose. We believe real change starts with conversation. Here, your voice matters. Come as you are and together we'll do what's right (not what's easy) to serve the public conversation.

LOCATIONS

United States

Apply for this job

DESCRIPTION

"The front page of the internet,” Reddit brings over 430 million people together each month through their common interests, inviting them to share, vote, comment, and create across thousands of communities. Come for the cats, stay for the empathy.

The Reddit Security team is rapidly developing, and this is an opportunity to get in and have an outsized impact on a highly skilled and motivated team. We look for humble experts with a relentlessly resourceful and entrepreneurial, “can do” view of security. We want to deliver facts and not FUD to the business to enable Reddit to manage risk more effectively. Culture is important to us and a learning and developing mentality is vital regardless of the work assigned. 

If you work tirelessly to break into computer networks and just as tirelessly to ensure others cannot, we need you. The ideal candidate will work to modernize Reddit’s security controls and monitoring across our cloud environments, operating systems, and authentication and admin services.

Primary Job Responsibilities:

• Build tools and processes for automating security controls and monitoring at scale
• Assist the team in improving our incident response capabilities
• Guide our infrastructure teams in implementing security best practices for cloud environments. 
• Lead security initiatives across the organization and harden our infrastructure against attack
• Represent Reddit’s security program outside of the company at security conferences

Qualifications:

• 5+ years Unix and network administration experience
• Experience securing large and diverse networks and services
• Architecture and design experience for modern SIEMs, commercial or open source
• Cloud security experience with Amazon AWS (Flow logs, CloudTrail, GuardDuty, VPCs, Security Groups, CloudWatch, Kinesis, Lambda, etc.). GCP experience a plus
• Familiarity with common cloud security monitoring services such as Evident, ThreatStack, DivvyCloud, Cloud Custodian
• 2+ years securing Kubernetes environments and familiarity with common commercial and open source Kubernetes security services
• Ability to communicate effectively with business representatives in explaining security topics clearly and where necessary, in layman's terms
• Understanding of modern network protocols including HTTPS and TLS
• Understanding of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML
• Familiarity with dynamic and static analysis tools
• Ability to code in Python and shell scripts. Experience with Go, Rust, Scala, Lua, C, and/or C++ a plus
• Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
• Experience with common security compliance initiatives such as SOC2, CSA, ISO27001

Qualities:

• Humble expert with a sense of urgency
• Skilled at taking complex topics and making them simple
• Comfortable explaining and justifying difficult decisions to any audience

LOCATIONS

United States

Apply for this job

DESCRIPTION

InVision is the leading product design and development platform for teams building world-class digital products. It’s every company’s imperative to continuously innovate and improve on their customer experience: InVision’s platform, education, and community enable creative collaboration across teams and geographies for improved speed-to-market and powerful business results.

More than 7 million people across global enterprises and small teams come to us when they are looking for digital transformation. That process doesn’t start and end in any design tool: it encompasses ideation, conversation, visual collaboration and so much more. Teams use InVision to create, prototype and test new ideas; develop repeatable and streamlined processes in design, product and engineering; and improve workflows to move more efficiently from inspiration to production and drive innovation. The InVision platform allows teams to collaborate throughout the process with every stakeholder, giving individuals the visibility and know-how they require. Customers include 100 percent of the Fortune 100 and organizations including American Express, Adidas, Boeing, Ford Motor, Netflix, HBO, Ikea, Slack and Virgin Atlantic.

InVision is a fully distributed company with people in more than 20 countries. Investors include Accel, ICONIQ, FirstMark, Tiger Global, Battery Ventures, and Spark Capital. Visit us at InVisionApp.com and InVisionApp.com/blog.

Our team is in search of a Staff Product Security Engineer to help us change the way digital products are designed.

About the Team:

We’re looking for technical experts who can turn product ideas into reality and operate a diverse scalable of products for millions of customers, from the small to the behemoth. We’re excited by challenges of scale—both the number and size of customers—and a diverse set of products. If you’re looking for variety, we have it. We work in scrum agile iterations on short-term deliverable cycles. Every team ships code every day, and we push launches every few months. We’re motivated to not only deliver the best products, but also to personally achieve. We work in small teams and have growth tracks for both technical and management.

What you'll do:

• Bake security into the InVision product. You'll work with engineers and product teams to create product security features that protect millions of designers around the globe.
• Secure our products. As a member of the security team, you'll identify and help resolve design, architectural, and implementation vulnerabilities in the InVision platform. 
• Design custom solutions to help identify security weaknesses and/or concerns in the InVision platform
• Be a security advocate. Every day brings exciting new challenges, and opportunities for you to share your ideas and security expertise throughout InVision’s engineering product and design teams.
• You'll design and launch innovative solutions that help us stay in compliance with industry regulations.

What you’ll bring:

• 6+ years of software development experience including 4 or more years focussed on product security
• A strong understanding of security architecture at scale and fluency with a range of security architectures, technologies, and design patterns.
• Proficiency with JavaScript and at least one other backend programming language. Experience with developing and securing SaaS products is a big plus
• An advanced knowledge of common application security vulnerabilities and strategies for mitigating them both architecturally and programmatically.
• Experience with threat modeling, penetration testing, code analysis, and common security tools

About InVision:

InVision offers an incredibly unique work environment. The company employs a diverse team all over the world. Each InVision team member is given the freedom and tools to do their best work from wherever they choose.

The benefits we offer in the United States and Canada include competitive health plans and retirement plans. Some InVision-wide benefits offered to all employees across the globe include a flexible vacation policy, monthly coffee shop stipends, annual allowances for books related to your profession, and home office setup & wellness reimbursements. InVision is an international employer so some benefit offerings will vary from country to country.

InVision is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please let us know.

LOCATIONS

Anywhere

Apply for this job

DESCRIPTION

ServiceNow is making the world of work, work better for people. Our cloud‑based platform and solutions deliver digital workflows that create great experiences and unlock productivity for employees and the enterprise. We're growing fast, innovating faster, and making an impact on our customers' and employees' lives in significant and important ways. With over 6,900 customers, we serve approximately 80% of the Fortune 500, and we're on the 2020 list of FORTUNE World's Most Admired Companies.®
 
We're looking for people who are ready to roll up their sleeves and help us build on our incredible momentum, our diverse, engaged workforce, and our purpose to make the world of work, work better.  
 
Learn more on Life at Now blog and hear from our employees about their experiences working at ServiceNow.

Job Description

What you get to do in this role:
ServiceNow’s Office of the CISO team leverages its diverse security background and expertise to help enhance ServiceNow’s security and communicate ServiceNow’s security features to the world.  The team works closely with all other departments in ServiceNow’s security organisation as well as with the sales, legal, privacy, IT and product teams on security-related topics.  Most importantly, the Office of the CISO team works with prospects, customers and partners to address questions related to the security of ServiceNow’s cloud-based service.

This team values integrity, quality, expertise, precision, communication, and efficiency and is looking for a Cloud Security Professional with broad security backgrounds and excellent communication skills. You will be a member of the EMEA team of the Office of the CISO with a focus on German-speaking countries.

Key Responsibilities:

Engage in multifaceted security conversations Support ServiceNow’s Sales and Customer Support teams in Pre- and Post-Sales efforts

This job has the ability to grow in the role of Cloud Security specialist and to excel into Field Information Security Officer in the future. As part of the job you will have the opportunity to regularly attend common security trainings such as CISSP, CISM or CIH and to obtain the associated certifications.

• Answer security questionnaires
• Investigate and provide answers to specific prospect and customer questions related to security
• Conduct security calls with customers and other stakeholders
• Review and discuss security-related terms in contracts together with our Legal departments
• Support ServiceNow partners on questions regarding security
• Ensure the ServiceNow Customer Success team is supported
• Work with internal teams to resolve security issues arising from investigations
• Contribute to the overall messaging and positioning of the ServiceNow Security Office
• Work with international, cross-functional teams to accomplish your goals

 

Qualifications

To be successful in this role you have:

Must haves:

Good communication and presentations skills (i.e. strong interpersonal and customer-facing skills) Minimum 2 to 5 years experience in IT

 

• Solid understanding of IT Security technologies and procedures.
• Ability to discuss complex issues together with customers and other
• Self-motivated and -driven; ability to perform and excel with little supervision.
• Excellent collaborator and teammate; ability to foster and feed off of coworkers.
• Ability to travel on a European and on international level occasionally
• Fluent in German (this is a must) and English language

Desirable to have:

• Experience with Cloud Operations (either as a customer or provider)
• Knowledge on cloud-specific security aspects
• Experience in enterprise cyber defense techniques
• A general understanding of ITIL and ITSM equivalent
• Understanding of the sales life cycle.
• Prior RFP and Contract experience is a plus.

LOCATIONS

Anywhere

Apply for this job

DESCRIPTION

ServiceNow is making the world of work, work better for people. Our cloud‑based platform and solutions deliver digital workflows that create great experiences and unlock productivity for employees and the enterprise. We're growing fast, innovating faster, and making an impact on our customers' and employees' lives in significant and important ways. With over 6,900 customers, we serve approximately 80% of the Fortune 500, and we're on the 2020 list of FORTUNE World's Most Admired Companies.®

We’re looking for people who are ready to jump right in and help us build on our incredible momentum, our diverse, engaged workforce, and our purpose to make the world of work, work better.

Learn more on Life at Now blog and hear from our employees about their experiences working at ServiceNow.

Job Description

What you get to do in this role:

 

• Team

  The Security Research team responds to application security escalation and focuses on risk reduction. Using a toolkit of code/program analysis and dynamic approaches, the Research team performs application deep dives to isolate problem root causes. Additionally, exploration techniques focus on problems broadly, measuring insecurity across ServiceNow’s cloud environment. A goal of the Research team is to maintain ServiceNow customer’s security enablement and continually improve ServiceNow’s cloud security reputation.

   

  Role

  As a Sr. Product Security Engineer on the Security Research team, you’ll be responsible for perform security auditing of the ServiceNow platform and products. This will require an in-depth knowledge of various approaches to application auditing including secure code review, debugging, dynamic web application analysis and threat modeling. You’ll also work with Product engineering teams to assist with platform roadmap planning.

   

  What you get to do in this role:

• Perform security audits to discover, communicate, and recommend remediation activities for vulnerabilities.
• Proactively research and quantify new attack vectors that may affect ServiceNow.
• Research security topics which are a risk to ServiceNow
• Work with engineering teams on platform roadmap planning

 

Qualifications

To be successful in this role you have:

 

• A passion for security and problem solving
• Background in software security auditing and computer security
• 7+ years of experience performing software security auditing including code review, thick app analysis and blackbox web application testing
• 4+ years of experience performing threat modeling for software products
• 1-2 years of experience with binary analysis and Java reverse engineering
• Network and System security engineering skills a plus
• Experience with Java Debugging and Binary Instrumentation
• Developer level proficiency in Java and JavaScript, including modern client-side JavaScript frameworks
• Experience programming in Python a plus
• Experience writing static code analysis rules a plus
• Strong understanding of application security vulnerabilities and respective coding anti-patterns
• Degree in computer science / engineering or equivalent work experience
• OSWE and OSCP certifications a plus
• Ability to deliver technical reports and communicate technical concepts to both non-technical business users as well as technical stakeholders.

LOCATIONS

Anywhere

Apply for this job