ServiceNow Vulnerability Response (VR) Architect

Job Title: ServiceNow Vulnerability Response (VR) Architect
Location: Seattle WA (Remote)

Contract

Role Summary

The ServiceNow Vulnerability Response Architect defines the overall technical and functional architecture for ServiceNows Vulnerability Response (VR) within the broader GRC/IRM ecosystem. This role ensures the solution is scalable OOTB aligned CMDB integrated and ready for enterprise level integrations with vulnerability scanners ITSM and security tools.

Key Responsibilities

• Define the VR solution architecture and data flow for ingestion prioritization tracking and remediation.
• Design the vulnerability ingestion grouping and remediation framework including workflows approvals and integration points (e.g. Tenable Qualys Rapid7 Splunk).
• Define risk models scoring logic and SLA strategy based on CVSS business criticality threat intelligence and CMDB derived context.
• Ensure CMDB alignment and CI attribution strategy so every vulnerability is tied to the right configuration item (CI) service and business function.
• Guide developers and configuration teams on best practice VR configuration patterns (e.g. scoped apps data models automation integrations).
• Review and approve technical design documents configuration changes and integration designs to maintain platform standards and security posture.
• Collaborate with GRC IRM ITSM and security teams to ensure VR aligns with governance risk and compliance requirements.

Mandatory Skills

• ServiceNow CMDB Deep experience linking vulnerabilities to CIs services and business assets.
• ServiceNow GRC/IRM Strong understanding of Governance Risk and Compliance (GRC) and Integrated Risk Management (IRM) applications including risk scoring SLAs and remediation workflows.
• Vulnerability Response (VR) Architecture Hands on experience designing and implementing ServiceNow VR solutions.
• Integration & Automation Experience with vulnerability scanner integrations REST APIs data ingestion pipelines and automated remediation workflows.
• Security & Risk Modeling Familiarity with risk based vulnerability management CVSS and business impact based prioritization.

Nice to Have Skills

• Experience with ServiceNow SecOps Security Incident Response or Threat Intelligence modules.
• Prior experience implementing GRC/IRM modules (Risk Management Policy & Compliance Vendor Risk Management).
• Working knowledge of security operations (SecOps) SOC and vulnerability scanner ecosystems.
• Strong stakeholder management and communication skills for bridging security and IT leaders.