Senior Information Security Analyst

Job DescriptionAbout The ServiceNow Security Office The ServiceNow Security Organization is dedicated to delivering world-class, innovative security solutions that minimize risk and protect both our company and our customers.By enabling the secure migration of sensitive data and workloads to the cloud, we help accelerate ServiceNow's position as the most trusted SaaS provider in the industry.We are committed to fostering an environment where our employees feel empowered, take pride in their work, and have the opportunity to make a meaningful impact.About the Team – Global Security Support Center (GSSC) The Global Security Support Center (GSSC) at ServiceNow is a diverse and highly skilled team of security professionals who play a pivotal role in strengthening both our internal and external security posture.The team collaborates closely with various functions across the company and serves as a key interface with our customers on security-related matters.Through expertise, communication, and a commitment to excellence, the GSSC team reinforces ServiceNow's reputation as a security-first organization, consistently demonstrating our commitment to protecting our platform, our data, and our customers.GSSC Mission Statement: To provide external & internal facing security support on behalf of the Security Organization to improve our customers' security posture and build Customer trust.Job Description Responsibilities on the role: Represent security organization in customer-facing Security Incidents, cases, Security findings, tasks and questions and calls related to Security & Privacy.Own, triage, investigate and respond to security matters of ServiceNow platform, ensuring timely communication, resolution and enhance customer experience and processes.Act as the primary point of contact for all security-related matters in ServiceNow, supporting both internal and external stakeholders.Facilitate the efficient workflow/triage of security-related incidents/cases by collaborating with customers and other internal ServiceNow teams.Build and maintain a high level of customer trust and confidence through exceptional service and communication.Customer Outreach Communications on Security & escalation handling.Understand and deliver excellent capability maturity models to fine tune Security processes.Create and enhance documentation and processes to strengthen security maturity and operational excellence.Develop and deliver training/enablement programs on Security, for internal and external customers on security awareness and best practices.Develop AI Solutions for automating repetitive activities & design new solutions leveraging AI.Work with Legal on security/privacy-related matters & a global team spread across different time zones, so flexibility of times is required.Provide support and be available as a responsible resource for the On-Call rotation (weekends, public holidays, and after hours) as rostered.QualificationsTo be successful in this role, you have: Experience: A minimum of 3-5+ years of professional experience in information security or application security roles.Certifications: Relevant certifications are highly preferred, including but not limited to:Required: ServiceNow Certified System Administrator (CSA)Preferred (Two or more): Azure AI Fundamentals, AWS Certified AI Practitioner, Offensive Security Web Assessor (OSWA), GIAC Web Application Penetration Tester (GWAPT), GIAC Security Essentials Certification (GSEC), GIAC Certified Incident Handler (GCIH), CISSP, CISM.Skills & CompetenciesTechnical Skills:Solid understanding of cloud computing models and major hyperscaler cloud models.Hands-on experience with using and understanding security tools and technologies, including: SIEM solutions, logging tools, load balancers, firewalls, WAFs, IDS/IPS, vulnerability management platforms, encryption techniques etc.Basic to Intermediate-level programming knowledge in Java/JavaScript with the ability to read, interpret & understand to explain code effectively.Intermediate to Advanced proficiency in using web proxy tools for security testing and assessments.Application Security: In-depth understanding of web application vulnerabilities (e.g., OWASP Top Ten) and corresponding mitigation strategies.Risk Management: Ability to clearly explain security risks to non-technical stakeholders using straightforward, non-technical language.Compliance & Regulatory Knowledge: Good knowledge of key compliance and regulatory frameworks including: NIST, CIS, GDPR, HIPAA, PCI DSS, ISO standards etc.Artificial Intelligence: Experience working with AI technologies and designing AI-based solutions.Analytical Thinking: Strong analytical and problem-solving capabilities, with the ability to evaluate and address complex security challenges.Communication: Excellent verbal and written communication skills, with the ability to convey technical information to non-technical audience.Team Collaboration: Demonstrated ability to thrive in a team-oriented, collaborative environment working in a follow the sun model.Security Concepts: Good understanding of Security concepts and articulating Security and risk in simple terms without using jargons and make sense to customers.Education: Bachelor's degree in computer science or information security or relevant information security experience.Preferred Additional Experience: Hands-on experience with web-based vulnerability exploitation and experience is a strong plus to succeed in this role.At GSSC, we pride ourselves on fostering a culture of inclusivity, innovation, and excellence.Our team and customers are at the heart of everything we do, and we are committed to providing a supportive and engaging work environment.As an Information Security and Application Security resource in the region, you will be an integral part of our mission to deliver secure and reliable solutions to our clients.FD21Additional InformationWork PersonasWe approach our distributed world of work with flexibility and trust.Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location.Learn more here.To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.Equal Opportunity EmployerServiceNow is an equal opportunity employer.All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law.In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.AccommodationsWe strive to create an accessible and inclusive experience for all candidates.If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact ****** for assistance.Export Control RegulationsFor positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals.All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.From Fortune.©**** Fortune Media IP Limited.All rights reserved.Used under license.