Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Senior Staff Product Security Engineer | Product Security Incident Response Team (PSIRT)

$201.3k - $352.3k
Full-time

ServiceNow

Company Description It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone—freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow— helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started. Join us to put AI to work for people. Job Description The ServiceNow Security Organization (SSO) The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact About the role ServiceNow seeks a senior staff-level product security engineer to serve as a senior technical authority within the Product Security Incident Response Team (PSIRT). PSIRT is ServiceNow's awareness, response, and investigation capability for post-release vulnerabilities in ServiceNow-developed products and service offerings. This role is for a recognized expert who can operate independently and as part of a team on the most significant security issues facing the platform—vulnerabilities that require evaluating intangibles. You will lead deep-dive investigations, coordinate resolution across engineering, product, and release teams, and demonstrate calm, decisive leadership during significant security events. This is a role for someone who already understands product development cycles and the engineering and product relationships that drive them—and will use that fluency to lead fixes to completion under incident pressure. You will help shape how ServiceNow responds to product security vulnerabilities at scale and the technical rigor of the entire response capability. Key Responsibilities Lead Through Significant Security Events Provide additional response coverage outside of normal working hours for significant product vulnerabilities as they emerge. Demonstrate technical and organizational leadership during these events—bringing structure and clear decision-making under pressure. Partner with incident commanders, business information security leadership, engineering, and customer-facing teams to maintain clear ownership, workstream prioritization, and hand-offs during these events. Reduce Exposure Window Drive coordinated response across affected releases, balancing risk and remediation feasibility. Leverage an understanding of product development cycles and engineering/product partnerships to move fixes through the release pipeline without stalling on organizational boundaries. Verify fix completeness and guard against incomplete mitigations before release. Drive the CVE & Coordinated Disclosure Process Lead ServiceNow's CVE disclosure process—owning CVE assignment, scoring, advisory content, and publication timing. Collaborate with external security partners, vendors, and researchers on coordinated disclosures, aligning timelines and messaging across parties. Conduct technical accuracy reviews of external advisories, researcher write-ups, and joint disclosure content to ensure correctness before publication. Represent PSIRT's technical position in multi-party coordinated disclosures and researcher engagements. Pursue After-Action Outcomes & Continuous Improvement Author postmortems and drive lessons learned to closure following product security incidents. Participate in retrospectives following significant product security events, translating findings into concrete process and technical improvements. Contribute to partner teams tracking product security risk themes and trends across the portfolio. Contribute to SDLC improvement areas, feeding incident learnings upstream into secure development practices. Qualifications Qualifications Minimum 12 years of related experience with a Bachelor's degree; or 8 years with a Master's degree; or a PhD with 5 years of experience; or equivalent experience. Minimum 5 years of auditing source code for security vulnerabilities. Demonstrated leadership during significant security events or major incidents, with willingness to participate in on-call. Ability to read and comprehend Java and JavaScript code. Strong understanding of common Java and JavaScript vulnerabilities. Proficiency in scripting in both Python and JavaScript for data gathering, processing, and visualization. Development of proof-of-concept exploits for web application vulnerabilities. Written and verbal communication of complex security risk clearly to both technical teams and leadership. Experience with leading fix implementation and release coordination across engineering, product, and test/release teams. Proficiency in deep-dive product security investigations and root-cause analysis spanning design, code, configuration, and operational layers. Exploit analysis and proof-of-concept development that distinguishes real exploitability from theoretical risk. Familiarity with SDLC integration, CI/CD pipelines, SaaS threat models, and secure development practices. Experience leading a CVE disclosure process, including CVE assignment, scoring (CVSS), and advisory publication. Preferred Qualifications Experience in a PSIRT or similar function for a major software or SaaS platform. Recognized expertise in product security incident response, vulnerability research, or application security within a software or SaaS environment. Experience conducting vulnerability assessments on the ServiceNow platform. Experience with emerging threats: AI-specific attack vectors, software supply chain security, and SDLC tooling security. Experience with cloud infrastructure (AWS, Azure, GCP) and containerized environments. Relevant security certifications (e.g., OSWE) or demonstrated equivalent expertise. #SecurityJobs For positions in this location, we offer a base pay of $201,300 - $352,300, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license. Employee Type: Regular Region: AMS - North America and Canada Work Persona: Flexible

Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Senior Staff Product Security Engineer | Product Security Incident Response Team (PSIRT) in United States vacancy
  • $162.35k - $219.65k

     ...Senior Product Security Engineer – Boeing The Senior Product Security Engineer provides...  ...Works portfolio. Key Responsibilities Support the development,...  ...and lead cross-functional teams, motivating team members...  ...Knowledge of cybersecurity incident response protocols,... 
    Senior
    Contract work
    Work experience placement
    Interim role
    Relocation package
    Flexible hours

    Boeing

    Berkeley, MO
    5 days ago
  •  ...create their own products. Plaid powers the...  ...Plaid's Product Security Team is “Improve our customer...  ...security incidents.” The Product Security team is responsible for managing the...  ...Product Security Engineer at Plaid, you'll...  ...audiences, including senior leadership. Expertise... 
    Senior
    Work experience placement
    Local area

    Plaid

    Seattle, WA
    3 days ago
  •  ...mission to drive a Secure by Design culture...  ...Connected Health products. As a Senior Product Security Engineer , you will play a...  ...s health.   Key Responsibilities: Champion Security...  ...across product teams, ensuring adherence...  ...Monitoring and Incident Response: Oversee... 
    Senior
    Remote work

    Hologic

    Marlborough, MA
    2 days ago
  • $188k - $282k

     ...countries, strong product-market fit, and world...  ...unmatched. Our team moves fast, takes...  ...As a Senior Software Engineer on the Product Security team at Harvey, you...  ...to real security incidents, and learning from...  ...with Detection & Response as well as other teams... 
    Senior
    Work experience placement

    Harvey

    San Francisco, CA
    2 days ago
  •  ...Melbourne, we have a team of over 2,200 of...  ...ideas into real products, and you “get stuff...  ...Airwallex’s Information Security team partners closely with engineering, IT, and other...  ...risk reduction, incident response, audits, and compliance...  .... Your role As a Senior Security Engineer... 
    Senior
    Worldwide

    Airwallex Pty Ltd.

    San Francisco, CA
    3 days ago
  • $15k

     ...Defense, Space & Security (BDS) Air Dominance (AD) Product Security Engineering (PSE) organization is seeking a Senior Product Security...  ...organization, that is responsible for the cyber...  ...products. The AD PSE team’s portfolio spans...  ...cyber security incident response... 
    Senior
    Contract work
    Work experience placement
    Interim role
    Relocation
    Visa sponsorship
    Work visa
    Relocation package
    Flexible hours
    Shift work
    Day shift

    The Boeing Company

    Berkeley, MO
    3 days ago
  •  ...Senior Product Security Engineer DataRobot delivers AI that maximizes...  ...processes so teams can develop, deliver...  ...conversations. Key Responsibilities: Automate Everything...  ...products. Incident Response: Perform initial...  ...to Senior and Staff engineers.... 
    Senior
    Local area
    Remote work
    Worldwide
    Flexible hours

    DataRobot

    United States
    2 days ago
  •  ...Senior Product Security Engineer Mozilla Corporation is the non-profit-backed technology...  ...our review and operations team to provide a first-class...  ..., monitoring, and incident response. Help keep the platform...  ...contributions from Mozilla staff and community members.... 
    Senior
    Immediate start
    Remote work
    Home office

    Mozilla Ventures

    United States
    3 days ago
  • $146k - $175k

     ...Senior Application Security Engineer, AI & Product Security Artera is seeking a hands‑on Senior Application Security...  .../output filtering, and give our team the logging, scanning, and safe...  ...protection, access control, and incident response protocols. Familiarity with regulatory... 
    Senior
    Temporary work
    Summer work
    Summer holiday
    Work at office
    Immediate start
    Flexible hours
    Shift work

    TenOneTen

    Seattle, WA
    3 days ago
  •  ...At 7AI, security is foundational to everything we build. Our customers...  ...every day. We are seeking a Senior Product Security Engineer to join our Platform team. In this role, you will help shape...  ...rather than process. Responsibilities Define and evolve secure architecture... 
    Senior

    Seven AI

    Boston, MA
    4 days ago
  • $168k - $280k

     ...We’re looking for a hands‑on staff security engineer to play a key role in building Rippling’s Product Security program. Rippling’s...  ...member of Rippling’s security team, you’ll have a meaningful impact...  ...’s priorities and direction. Responsibilities Build guardrails and controls... 
    Senior
    Work at office
    Relocation
    3 days per week
    1 day per week

    Rippling

    Austin, TX
    2 days ago
  • $221k - $250k

     ...AI, cryptography, mobile engineering, and global operations. Our teams come from OpenAI, Tesla,...  ...more about the newest product launches from our Liftoff...  ...event. About the Team The Security team at Tools for...  ...hands‑on technical leader responsible for safeguarding the products... 
    Senior
    Flexible hours

    Tools-For-Humanity

    San Francisco, CA
    3 days ago
  • $123.55k - $142k

     ...Location Indianapolis, IN Responsibilities Serve as security point of contact for software, firmware, and physical product development teams across the enterprise, addressing data privacy...  .... College degree in Computer Engineering, Computer Science, Software Engineering... 
    Senior
    Temporary work
    Flexible hours

    Interflex Datensysteme GesmbH

    Golden, CO
    4 days ago
  • $142.6k - $196k

     ...Position Overview We are looking for a Senior Product Security Engineer to support security initiatives for...  ...at Bose. Principal Duties and Responsibilities Architect and design products to ensure...  ...Collaborate with cross‑functional teams such as product firmware, devOps,... 
    Senior

    Bose Corporation, U.S.A

    Framingham, MA
    3 days ago
  •  ...Our First Security-Focused Engineer Takes high-level direction (e.g., "identify...  ...in all areas of the product. Day-to-day: Select...  ...can drive alignment across teams). ~ Comfortable using...  ...agree with the day-to-day responsibilities. About LanceDB: LanceDB... 
    Senior
    Remote work

    LanceDB

    United States
    1 day ago
  •  ...The Senior Product Security Engineer will work within Allegion’s global cybersecurity organization, collaborating...  ...with product development teams to ensure a high standard of quality...  ...: Indianapolis, IN 8750 Hague Responsibilities Serve as the security point of contact... 
    Senior
    Temporary work
    Flexible hours

    Allegion, PLC

    Indianapolis, IN
    3 days ago
  •  ...SR. PRODUCT SECURITY ENGINEER (STARLINK) the company was founded under the belief that a future where...  ...security Secure/Authenticated boot Incident response and adversary detection...  ...relationships with other engineering teams are paramount to success. If you are... 
    Senior
    Permanent employment
    Worldwide
    Flexible hours
    Weekend work

    United States Digital Space LLC

    Bastrop, TX
    2 days ago
  • $290k - $365k

    Incident Response Manager - Product & Engineering About Anthropic Anthropic’s mission is to create reliable...  ...society as a whole. Our team is a quickly growing...  ...engineering, product, security, legal, go-to-market, and...  ...Currently, we expect all staff to be in one of our offices... 
    Visa sponsorship

    Anthropic

    New York, NY
    1 day ago
  • $290k - $365k

     ...Role We are looking for an Incident Response Manager to serve as the...  ...them. You will work across engineering, product, security, legal, go-to-market, and...  ...Partner with engineering teams to develop and maintain incident...  ...Currently, we expect all staff to be in one of our... 
    Work at office
    Visa sponsorship
    Flexible hours

    Anthropic

    New York, NY
    3 days ago
  • $168k - $210k

     ...Joining Collibra's Product Security team Collibra is seeking a Senior Product Security Engineer to join our high-impact team. You will be a key individual responsible for identifying vulnerabilities and providing expert remediation consulting for our global product... 
    Senior
    Work experience placement
    Remote work
    Flexible hours

    Collibra

    United States
    4 days ago
  • $173.4k - $234.6k

     ...The Boeing Company is looking for a Senior Product Security Engineer to join the Enterprise Product Security...  .... The successful candidate will be responsible for driving the development,...  ...delivery Leads interactions across Boeing teams, Airline Operators, Industry Standards... 
    Senior
    Permanent employment
    Work experience placement
    Relocation
    Visa sponsorship
    Work visa
    Flexible hours
    Shift work
    Day shift

    The Boeing Company

    Seattle, WA
    2 days ago
  • $131.42k - $216.87k

     ...Fortune500 companies. Job Summary RedHat Product Security ( is looking for a Senior Product Security Engineer to join our global Resilient Development team. RedHat’s Resilient Development...  ...recruitment agencies. We are not responsible for, and will not pay, any fees, commissions... 
    Senior
    Permanent employment
    Full time
    Contract work
    Work experience placement
    Work at office
    Remote work
    Flexible hours

    Dormont Manufacturing Company

    Raleigh, NC
    2 days ago
  • $152k - $224k

     ...may impact your candidacy. About The Team The Information Security and Technology team is responsible for keeping Life360 safe - our systems,...  ...programs. We build things that work in production, earn adoption from engineering teams, and get better over time - and... 
    Senior
    Summer work
    Remote work
    Flexible hours

    Life360

    United States
    4 days ago
  • $113k - $125k

     ...deployments, application security, reliability,...  ...outer loop," helping teams ship software faster...  ...About the Role Product Security is responsible for ensuring the continuous...  ...partnerships with engineering and product teams to...  ...by design. The Senior Product Security... 
    Senior
    Local area
    Immediate start
    Remote work
    Shift work

    Harness

    United States
    1 day ago
  •  ...career and customer-oriented Senior Incident Response Cybersecurity Analyst to join our team in Doral, FL. This position...  ...limited to: Active monitoring of security alerts from SIEM, EDR, IDS/IPS...  ...a computer and other office productivity machinery, such as a computer... 
    Senior
    Work at office
    Shift work
    Night shift

    MANTECH

    Doral, FL
    4 days ago
  • $156k - $214.5k

     ...sound isn’t just a product — it’s part of how people...  ...We’re looking for a Senior Product Security Engineer to help protect the...  ...— enabling teams across Bose to ship...  ...handling, and post-launch response. ~Keep these services...  ...product security incident response. ~Review... 
    Senior
    Full time

    Bose Corporation

    Remote
    8 days ago
  • $127k - $165k

     ...Description We are seeking a Senior Product Security Engineer with medical device...  ...regulatory, quality, and privacy teams to embed security across...  ...requirements. Key Responsibilities ~FDA Cybersecurity Compliance...  ...early in the SDLC. ~Incident Response: Support... 
    Senior
    Full time
    Remote work

    iRhythm Technologies, Inc.

    Remote
    3 days ago
  •  ...Overview: Serve as a senior security engineering resource supporting multiple product and development teams. Lead application and platform security assessments for new...  ...software development organization. Support incident response efforts and participate in an on-call... 
    Senior
    Full time

    aqua IT

    Remote
    24 days ago
  • $218k - $235k

     ...Description We're seeking a Senior Product Security Engineer who is passionate about...  ...the United States. Key Responsibilities ~Product Security...  ...product and engineering teams to integrate security throughout...  ...toil. ~Security Incident Response: Serve as an incident... 
    Senior
    Full time
    Remote work

    Tines

    Remote
    3 days ago
  •  ...directly within the product development...  ...understanding to product security decisions,...  ...initiatives across product teams, embedding...  ...adoption; embed responsible AI principles—traceability...  ...to product and engineering on security risk,...  ..., and cloud incident response. ~... 
    Senior
    Minimum wage
    Full time
    Local area

    Vertex Inc.

    Remote
    8 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Senior Staff Product Security Engineer | Product Security Incident Response Team (PSIRT). Be the first to apply!