about 4 hours ago

Logo of ServiceNow

Staff Security Incident Remediation Analyst

$137k - $240k

ServiceNow

North AmericaAmericasRemoteUS

Company Description

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

Job Description

The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact    

ServiceNow’s Security Incident Command (SIC) team is seeking an experienced Business System Analyst (BSA) with experience in the information security domain to improve our post-incident Recovery lifecycle.  

This is a new role and new position. This role provides an opportunity for a very large impact by directly enabling the improvement of the state of ServiceNow’s security for the whole company and our customers. 

 

About the SIC team 

The SIC team maintains and executes the Major Security Incidents (MSI) lifecycle within ServiceNow, including Preparation, Response, and Recovery. MSIs are our most challenging and impactful security incidents which pose active or heightened risk to the company and/or our customers. 

Key value areas are preparing the company for MSIs through tabletop exercises (TTX), coordination of activity between many response workstream partners, tracking key MSI metrics and facts to keep everyone oriented, and communicating status, milestones, blockers, and critical decisions needed to senior management and executive stakeholders, including the CISO. 

A Note on Industry Equivalent Roles and Terms 

Similar terms for this role and the functions the SIC team serves can include Major Incident Management, Security Crisis Management, Crisis Lead, Problem Management and SSIRP. 

 

What you get to do in this role 

  • Establish, maintain, and evolve documentation and processes governing MSI Recovery activity. 

  • Document all Recovery findings. Employ data analysis skills to interpret incident data and generate actionable insights. 

  • Meet with stakeholders and owners of Recovery findings to agree on a path forward for resolution. 

  • Serve as a key point of contact for all Recovery item owners. 

  • Track the status of each Recovery item, ensuring accountability and progress towards resolution. 

  • Report regularly on the status and milestones of Recovery items to senior management and executive stakeholders  

  • Collaborate effectively with cross-functional teams to ensure cohesive Recovery item resolution strategies and implementations. 

  • Develop and maintain strong communication channels across the organization to facilitate timely and clear information sharing. 

  • Serve as a key driver to tangibly and meaningfully improve the security of the ServiceNow platform, our infrastructure, and the many ways our customers use the platform.  

Qualifications

A successful candidate will have: 

  • 8+ years of experience as a Business System Analyst or similar role. 

  • High motivation to own and drive change. This is a key role with critical importance. 

  • Excellent demonstrable oral and written communication skills. 

  • Experience developing and maintaining business process documentation. 

  • Experience maintaining and improving large complex datasets with meticulous detail. 

  • Experience communicating with an executive audience. 

  • Experience in incident response at a global company. 

  • Familiarity with the security incident response lifecycle. 

 

Nice to haves, but not required 

  • Experience within the application security domain, particularly hyperscale hosted software-as-a-service (SaaS) applications. 

  • Demonstrable experience driving change in a complex organization. 

  • Experience managing security incidents. 

  • Familiarity with cybersecurity frameworks (e.g., MITRE ATT&CK). 

  • Working understanding of the Agile framework. 

  • Knowledge across multiple security domains (e.g., security engineering, security architecture, security governance). 

 

## SecurityJobs 

 

 

 

For positions in this location, we offer a base pay of $137,500 to $240,500, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. 

 

Compensation is based on the geographic location in which the role is located and is subject to change based on work location.

Additional Information

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work. Learn more here.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact talent.acquisition@servicenow.com for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2024 Fortune Media IP Limited. All rights reserved. Used under license.