Principal Software Engineer | DevSecOps | Product Security

ServiceNow


Job Location:

Santa Clara County, CA - USA

Monthly Salary: Not Disclosed
Posted on: 2 hours ago
Vacancies: 1 Vacancy

Job Summary

**PLEASE NOTE THIS ROLE REQUIRES A MINIMUM OF 2 DAYS A WEEK IN ANY ONE OF OUR SERVICENOW OFFICES THROUGH THE you cannot commit to 2 days per week in a ServiceNow Office..........PLEASE DO NOT APPLY THANK YOU VERY MUCH**

 

The ServiceNow Security Organization (SSO)  

The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact.

The DevSecOps team within Product Security is responsible for building, integrating, and operating resilient security services that protect the NOW platform, store applications, mobile applications, and internal services. We empower over 9000 developers globally to build secure software by embedding automated security tools and services throughout the software development lifecycle. We are a collaborative and innovative team driving a security-first culture through automation and continuous improvement.

Role

As a Principal Engineer on the DevSecOps team, you will lead the development, deployment, integration, and scale of security services to support SAST, Secret Detection, Deep Code Search, and other Source Code Security functions across ServiceNow. You will support Product Engineers and Product Management across hundreds of BUs and understand how security is an enabler to reduce product delivery cycle time and security risk.

In addition, you will ensure our embedded security services provide the best developer experience with high fidelity findings and actionable remediation guidelines. Finally, you will lead the build of ServiceNow Apps and Services to support the Product Security Organization's security activities at scale and make the world of work work better for all of us.

What you get to do in this role: 

  • Use your software engineering expertise to engage in deep technical conversations with lead engineers across the company, balancing security risk prioritization with empathy for speed-to-market pressures.
  • Clearly articulate and prioritize security risk to engineering peers and business unit leaders (VP/SVP level), exercising diplomacy in high-visibility situations and building metrics dashboards that resonate with both technical and executive audiences.
  • Innovate with AI/ML technologies to proactively identify, prioritize, and remediate security risks at scale, applying intelligent automation to improve signal quality, reduce false positives, and accelerate secure software delivery.
  • Lead the architecture and development of our next-gen source code security tools, including a suite of SAST, Secret detection, Code Search, and other services to secure our platform, store applications, and cloud native services. You can see the forest through the trees and prioritize service development areas by risk and organizational readiness.
  • Design and advocate for security service integrations at optimal points in the software development lifecycle, enabling developers to discover and remediate issues with zero friction.
  • Coach and mentor team members in their personal and professional development, identify training opportunities, and seek diverse perspectives to continuously improve team capabilities.
  • Create targeted security training and translate technical findings into actionable, practical guidance that makes secure-by-default choices easier than insecure ones for the entire engineering organization.

Qualifications:

To be successful in this role you have: 

  • Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI's potential impact on the function or industry.
  • 15 years of software engineering experience with a proven track record of influencing and delivering high-impact projects across large organizations, and a demonstrated ability to reduce complex systems into maintainable solutions that less experienced engineers can operate with confidence.
  • Or similar experience in combination with education.
  • Deep expertise in application security tooling and DevSecOps, including 5 years architecting, integrating, and operating security testing pipelines (SAST, secret detection, SCA, DAST, container/IaC scanning) with understanding of each tool class's strengths, limitations, false positive tuning, optimal SDLC placement, and risk-based policy enforcement.
  • Passion for security as an enabler: you believe security accelerates innovation when implemented thoughtfully and strive to create developer experiences that make security invisible and effortless.
  • Demonstrated ability to challenge conventional security approaches and evolve practices to meet the needs of modern, cloud native, high velocity engineering organizations.
  • Expert-level secure software development skills, including secure architecture design, threat modeling (STRIDE or similar frameworks), security-conscious code review, secure API development, and polyglot programming capabilities across multiple languages and paradigms.
  • Proven ability to influence senior leadership and drive cross-functional collaboration, with experience communicating security risk to VP/SVP-level stakeholders, making tough decisions under pressure, and building trust across engineering, product, and security organizations.
  • Strong foundation in distributed systems, CI/CD, and automation, with experience designing secure, scalable distributed architectures, implementing security gates in continuous deployment pipelines, and building test automation frameworks that embed security validation throughout the SDLC.
  • Track record of coaching, training, and elevating organizational security capabilities through mentorship, creating targeted training programs, and translating complex security findings into practical secure-by-default guidance that empowers thousands of developers.
  • Experience with security metrics, KPIs, and program maturity assessment, including establishing meaningful metrics (MTTR, vulnerability density, coverage, escape rates), benchmarking against frameworks (BSIMM, SAMM), and translating technical findings into risk-quantified narratives for executive audiences.
  • Proficiency with AI-enabled security practices and generative AI security fundamentals, including leveraging AI tooling to accelerate security workflows while maintaining critical evaluation of AI outputs and understanding both AI attack surfaces and adversarial AI use cases.
  • BS in computer science or equivalent work experience.

Nice to have: 

  • Hands-on experience with modern security tooling such as Semgrep, CodeQL, or Checkmarx for SAST; GitGuardian, TruffleHog, or detect-secrets for secret detection; Snyk, Dependabot, or Grype for SCA; or equivalent tools in the application security ecosystem.
  • ServiceNow platform and application development experience, including familiarity with the NOW platform architecture, Scoped Applications, Flow Designer, or custom app development that would accelerate your ability to build native security services.
  • Experience scaling security programs at high-growth technology companies with engineering organizations of 5000 developers, demonstrating patterns for balancing security rigor with developer velocity at scale.
  • Security certifications such as CISSP, OSCP, CEH, CSSLP, or equivalent that demonstrate formal security training and commitment to the discipline.
  • Open-source security contributions, including contributions to security tools, vulnerability disclosures, security research publications, or active participation in security communities (OWASP, BSides, Black Hat, etc.).
  • Cloud-native security expertise, with experience securing Kubernetes, containerized workloads, serverless architectures, or infrastructure-as-code in AWS, Azure, or GCP environments.

 

#SecurityJobs 


For positions in this location, we offer a base pay of $240,100 to $420,200, plus equity (when applicable), variable/incentive compensation, and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan, and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location.


Additional Information:

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by addition all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact for assistance.

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.

From Fortune. 2025 Fortune Media IP Limited. All rights reserved. Used under license. 


Remote Work:

No


Employment Type:

Full-time


Key Skills

  • Continuous Integration
  • Docker
  • Jenkins
  • Python
  • System Design
  • Agile
  • C/C++
  • Go
  • Systems Engineering
  • Software Development
  • Java
  • Distributed Systems

About Company


Learn here. Grow here. Make a difference here. At ServiceNow, our cloud-based platform and solutions deliver digital workflows that create great experiences and unlock productivity for employees and enterprises. We’re growing fast, innovating even faster, and making an impact on our c ...
