ServiceNow SecOps Engineer

Role Overview

A Service Now Sec Ops Engineer designs, implements, and optimizes security operations workflows within the Service Now platform. The role bridges security tooling and IT service management, enabling efficient incident response, vulnerability remediation, and threat intelligence handling through automation and orchestration. Working closely with SOC teams, this engineer ensures security events are actionable, traceable, and continuously improved.

• Configure and manage Service Now Security Incident Response (SIR) module
• Integrate SIEM tools (e.g., Splunk) for real‑time alert ingestion
• Develop automated playbooks for triage, containment, and escalation
• Collaborate with SOC analysts to streamline response workflows
• Ensure proper documentation, tracking, and reporting of incidents

• Implement and maintain Service Now Vulnerability Response (VR)
• Integrate vulnerability scanners (e.g., Tenable, Qualys)
• Prioritize vulnerabilities using risk‑based scoring models
• Automate remediation workflows and track SLA compliance
• Provide dashboards and reporting for security posture visibility

• Configure Service Now Threat Intelligence (TI) module
• Ingest and normalize threat feeds from external sources
• Correlate threat intelligence with incidents and vulnerabilities
• Support proactive threat hunting initiatives
• Maintain indicators of compromise (IOCs) and threat libraries

• Design and implement workflows using Service Now Flow Designer and Integration Hub
• Integrate endpoint security tools (e.g., Crowd Strike) and other security platforms
• Build orchestration playbooks to reduce manual intervention
• Continuously improve automation efficiency and coverage
• Ensure secure and scalable API integrations across systems

• Strong experience with Service Now Sec Ops modules (SIR, VR, TI)
• Hands‑on integration experience with tools such as Splunk, Crowd Strike, Qualys, or Tenable
• Knowledge of security frameworks (e.g., NIST, ISO 27001)
• Experience with REST APIs, scripting (JavaScript), and automation tools
• Solid understanding of SOC operations and incident lifecycle
• Familiarity with cloud and endpoint security concepts

• Service Now Certified Implementation Specialist – Security Operations
• Experience with SOAR platforms and automation design
• Knowledge of threat intelligence frameworks (e.g., MITRE ATT&CK)
• Background in cybersecurity operations or engineering roles

We welcome applications from all individuals, regardless of background or identity, and we encourage candidates who may not meet every listed requirement to still apply. If you require any adjustments or support during the recruitment process, please let us know and we will work with you to ensure a fair and accessible experience.

Please Note:

If a high volume of applications is received, only candidates shortlisted will be contacted.