Full-Time Senior Security Detection Engineer

The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider.

Threat Detection is looking to hire a Senior Detection Engineer. This role focuses on building detections, workflows, and services to improve incident response efficiency. An engineering mindset is needed to deliver high-quality solutions for internal security operations teams.

The daily tasks utilize Agile processes with a strong emphasis on the ServiceNow platform. Coordination with peer teams on development status is crucial for success. This role requires a combination of technical development and customer support skills in a hyper-collaborative environment.

This high-visibility role is critical for scaling threat detection and response functions. It includes supporting US Federal customers and requires a ServiceNow background screening, USFedPASS, including a credit check, criminal/misdemeanor check, and drug test. Employment is contingent upon passing the screening. Only US citizens, US naturalized citizens, or US Permanent Residents with a green card will be considered.

What you get to do:

• Build threat detection use cases leveraging threat intelligence and incident response data.
• Document products and deliver demos to operational teams.
• Work with security platform engineering teams, platform Development teams, and product managers on requirements and future product roadmaps.
• Collaborate with detection engineers and incident responders on new detections.
• Design and build systems in various public cloud ecosystems.
• Provide input on future products for a digital transformation cloud company.
• Work with a data scientist on training novel ML models.
• Experience in leveraging or integrating AI into work processes, decision-making, or problem-solving (using AI tools, automating workflows, analyzing insights).

To be successful:

• 6+ years of experience in Security Engineering or Security Operations.
• 3+ years of experience writing advanced Splunk queries (field extractions with regex).
• Strong understanding of attacks against JavaScript and Java applications.
• 1+ year of experience with public cloud technology (AWS/Azure/GCP).
• Familiar with incident response/digital forensics processes.
• Experience working with security operations teams.
• Strong interpersonal skills.
• Familiar with the ServiceNow platform (preferred).
• Open mind for exploring innovative ideas to automate repetitive tasks.
• Bachelor's degree in technical science or equivalent experience.

What is the last date for applying to the job?

Which countries are accepted for this remote job?