Application Security Researcher
This position reports to: Sr. Manager, Product Security
ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.
We’re disruptive. We work hard but try not to take ourselves too seriously. We are highly adaptable and constantly evolving. We are passionate about our product, and we live for our customers. We have high expectations and a career at ServiceNow means challenging yourself to always be better.
What you get to do in this role:
As an Application Security Researcher, you will be a member of the Product Security Team, helping manage the ServiceNow Product Secure Development lifecycle. You will work with internal development teams to review source code and perform dynamic analysis of the ServiceNow platform. In this role you will be responsible for identifying new platform vulnerabilities, managing vulnerability detection processes, coordinating vendor testing efforts and developing automations to assist in vulnerability management. A key part of this position is understanding and documenting common web application vulnerabilities in addition to vulnerabilities specific to the ServiceNow platform.
In order to be successful in this role, we need someone who has:
- An analytical mind for problem solving, abstract thought, and offensive security tactics.
- Strong interpersonal skills (written and oral communication)
- Operating System Security knowledge including Linux/Unix/Darwin and Windows
- Direct experience coding in one or more of the following languages:
  - ServiceNow’s Glide API
- High level of language reading comprehension for Java and C++
- Experience with build and dependency management software
- Experience working with data science and operational analytics tools is a plus
- Experience performing source code reviews for security issues
- Experience performing binary analysis, reverse engineering and exploit development
- Advanced knowledge and experience in Pentesting:
  - Custom web applications
  - Complex cloud environments
  - Web services (REST & SOAP)
- In-depth experience with exploiting OWASP Top 10 application vulnerabilities, such as deserialization and injection attacks.
- Experience with dynamic web application scanners, software composition analysis and static analysis tools
- Experience with mobile malware analysis, the Android Security Model and app-to-app attacks on mobile platforms.
- Experience performing Threat Modeling and design analysis
- Ability to articulate complex issues to executives and customers.
- Ability to pass a practical examination
- 3+ years of experience working in Product Security or as an Application Security Consultant
- 2+ years of experience working as a developer and writing/maintaining applications
- Bachelor’s degree in Computer Science/Engineering or equivalent experience.
We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or [email protected] for assistance.