Loading...
Loading...
ServiceNow is seeking a Staff Product Security Engineer to lead their bug bounty program within the Product Security Incident Response Team (PSIRT). This senior role involves the technical ownership of bug bounty reports, from initial reproduction and validation of vulnerabilities to assessing severity and ensuring a verified fix. The engineer will also conduct security research, lead incident responses, and perform postmortems. Key responsibilities include triaging complex reports, communicating with researchers and internal stakeholders, and mentoring junior engineers.
It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone—freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow— helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started.
Join us to put AI to work for people.
ServiceNow seeks a Staff Product Security Engineer to serve as the technical core of our bug bounty program within the Product Security Incident Response Team (PSIRT). This is the senior engineer who owns bug bounty reports from intake through resolution: reproducing and validating the vulnerability, assessing its severity, and seeing it through to a verified fix.
The work is deeply technical. Reproducing a vulnerability is only the starting point. From there you read the underlying code, identify root cause, and either propose the fix or design it alongside engineering before confirming it holds. You are also the person researchers deal with directly, which makes clear, credible communication as central to the role as the technical analysis itself.
As one of the most senior engineers on the team, you will set the standard for how triage is done and mentor earlier-career engineers. Beyond the bug bounty queue, you will conduct variant hunts, perform original platform security research, lead major product security incidents, and run forensic postmortems when a significant issue reaches production.
Key Responsibilities
Triage and Resolve Bug Bounty Reports
Own Researcher and Stakeholder Communication
Mentor the Team and Raise Triage Standards
Lead Advanced Security Work Beyond Triage
To be successful in this role, you have:
Expertise in:
Code and development fluency:
Work Personas
We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.
Equal Opportunity Employer
ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.
Accommodations
We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance.
Export Control Regulations
For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.
From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.