Product Security Response Manager

Company Description

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

Job Description

As a Product Security Response Manager, you will be responsible for managing a portion of PSIRT’s global headcount. You will direct the day-to-day activities of product security engineers you lead, including processing root cause analysis of product security vulnerabilities reported as part of the bug bounty and responsible disclosure program, vulnerability remediation collaboration with internal development teams, research projects for reported vulnerability patterns, and process improvements. As a Product Security Response Manager, you will work with ServiceNow’s pool of talented external researchers (i.e., our bug bounty and responsible disclosure programs) to ensure they are equipped to succeed and mitigate uncoordinated disclosures. You will also make hands-on contributions to reducing security risks in ServiceNow's products and services by partnering with other teams in the development and security organisations. 

Team:  

ServiceNow’s Product Security Incident Response Team (PSIRT) is dedicated to managing post-release security vulnerabilities in ServiceNow-developed products. Our mission is to investigate, respond and communicate product risk. PSIRT plays a core role as a strong subject matter expert to the company during major security incidents. PSIRT is responsible for the health and management of ServiceNow’s bug bounty and responsible disclosure programs. PSIRT owns the intake and triage of internally and externally reported product security vulnerabilities. PSIRT also conducts deep-dive security research to discover related vulnerabilities, consults and coordinates with internal development teams on the remediation of complex security issues, and contributes lessons learned into educational workstreams. 

What you get to do in this role: 

• Serve as a people leader. 
• Serve as a project manager for PSIRT-led research projects. 
• Oversee product security incidents, small and large. 
• Stay updated on industry best practices, including the CVE program and FIRST.org special interest groups. 
• Recommend and develop new product security policies and procedures. 
• Partner with key contacts outside of our department. 

Qualifications

To be successful in this role, we need someone who has: 

• An analytical mind for problem solving, abstract thought, and challenging product security problems and solutions. 
• Strong interpersonal skills (written and oral communication) and the ability to work collaboratively in a team environment, both in real-time and asynchronously, and remotely across ServiceNow’s regions. 
• Accountability and the ability to take feedback as a member of a continuous improvement culture. 
• Autonomy and ability to make practical decisions and recommendations in the face of uncertainty and imperfect information. 
• Flexibility in working hours is needed to assist with a global team and product security incident response. 
• Comfort with change as part of being on a growing team. 
• 2+ years of experience managing or supervising individual contributors. 
• 5+ years of experience working in a role focused on web application security. 
• B.S. Degree in Computer Science / STEM field or equivalent job experience. 
• In-depth experience with exploiting OWASP Top 10 application vulnerabilities, such as deserialization and injection attacks. 
• Experience performing Threat Modelling and Penetration Testing. 
• Strong code reading comprehension and code tracing skills, and experience performing source code reviews for security issues. 
• Experience in a fast-paced and demanding security environment. 
• Experience with bounty programs preferred.  

This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business. 

Not sure if you meet every qualification? We still encourage you to apply! We value inclusivity, welcoming candidates from diverse backgrounds, including non-traditional paths. Unique experiences enrich our team, and the willingness to dream big makes you an exceptional candidate!

Additional Information

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work. Learn more here.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.