Lead Software Engineer - ServiceNow; Cybersecurity

Responsible at the expert level for writing code and the overall team’s technical requirements gathering. Completes work following banking technology standards and contributes to the overall stability and resiliency of banking technology within the Software Development Lifecycle (SDLC) while also coaching others.

• Lead design and development of Service Now Sec Ops solutions, including Security Incident Response (SIR), Major Security Incident Management (MSIM), and Service Catalog capabilities.
• Serve as technical lead and subject matter expert for Service Now Sec Ops, establishing and promoting best practices across cybersecurity operations workflows and platform implementations.
• Architect and implement end‑to‑end cybersecurity workflows, including incident intake, triage, investigation, containment, remediation, and closure processes.
• Design and maintain SIR workflows to support detection, enrichment, correlation, and response for security incidents.
• Lead implementation and optimization of USEM / Vulnerability Response processes, including vulnerability ingestion, prioritization, assignment, remediation tracking, and reporting.
• Integrate Service Now Sec Ops modules with external cybersecurity tools (SIEM, scanners, threat intelligence platforms) to enable automated data ingestion and response.
• Define and enforce cybersecurity workflow standards, including data models, severity/priority frameworks, SLAs, documentation standards, and audit requirements.
• Provide hands‑on mentorship and technical coaching to engineers on Service Now Sec Ops development, scripting, workflow design, and documentation practices.
• Lead code reviews, design sessions, and troubleshooting efforts to ensure high‑quality, secure, and scalable implementations.
• Partner with cybersecurity, risk, and infrastructure teams to align platform capabilities with enterprise cybersecurity strategy and policies.
• Configure and manage assignment groups, escalation paths, and approval processes for cybersecurity incidents, vulnerabilities, and commensurate operations.
• Drive adoption of automated response and orchestration patterns to reduce manual effort and improve response times.
• Ensure solutions meet security, compliance, and regulatory requirements, including auditability, traceability, and data protection standards.
• Oversee workflow performance and operational metrics (e.g., mean time to detect/respond, SLA adherence, remediation timelines) and drive continuous improvement.
• Support development and enhancement of Service Catalog items for security services, enabling standardized intake and request fulfillment.
• Collaborate with product owners, architects, and stakeholders to translate security requirements into scalable, technical solutions within Agile delivery practices.
• Contribute to platform strategy and roadmap, including expansion of Service Now Sec Ops capabilities and reduction of fragmented tooling.
• Communicate technical designs, risks, and decisions clearly to technical and non‑technical stakeholders, including leadership during major incidents.
• Promote a culture of security‑first engineering, continuous improvement, knowledge sharing, and Agile execution across the team.
• Produce professional documentation, commensurate with work efforts, following SDLC best practices.

• Associate’s degree with a minimum of 7 years of systems analysis and/or application development experience, or Bachelor’s degree with a minimum of 5 years of such experience.
• Alternatively, a combined minimum of 9 years of education and/or relevant work experience, including at least 5 years of systems analysis and/or application development.
• Expert proficiency in at least one programming language and professional proficiency in at least one additional programming language.
• Hands‑on experience in Service Now platform development (server‑side and client‑side scripting).
• Extensive experience developing and implementing Service Now Sec Ops solutions (SIR, USEM, and Service Catalog).
• Proven experience designing and delivering complex security workflows, including incident triage, investigation, escalation, containment, remediation, and closure…