ServiceNow SecOps Architect

Job Title: ServiceNow SecOps Architect

Location: Stamford, CT



ROLE_DESCRIPTION -



1. 12+ years of hands-on development experience in ServiceNow platform.

2. 5+ years of experience specifically in Security Incident Response (SIR) and Vulnerability Response (VR) implementation.

3. Design, configure and customize ServiceNow SIR & VR module

4. Design and develop workflows, business rules, client scripts, and integrations supporting the SIR & VR lifecycle.

5. Integrate VR with external vulnerability scanners and CMDB (Configuration Management Database) to automate import and correlation of vulnerability data.

6. Configure MID Servers, data sources, and API connections for vulnerability data ingestion.

7. Develop automation for vulnerability assignment, remediation tracking, and exception management.

8. Create custom dashboards, reports, and Performance Analytics indicators for vulnerability KPIs and trends.

9. Strong understanding of SOC operations & Incident response frameworks (NIST, SANS)

10. Experience working with SIEM, SOAR, EDR, and vulnerability tools.

11. Strong understanding of ServiceNow CMDB, Discovery, and ITSM processes.

12. Experience integrating with vulnerability scanners (Qualys, Tenable, Rapid7, Prisma Cloud, etc.).

13. Knowledge of JavaScript, Glide API, Flow Designer, and REST/SOAP integrations.

14. Work with business stakeholders, technical stakeholders, onsite and offshore team to own the delivery of work.





Roles & Responsibilities

1. Lead end-to-end architecture for ServiceNow SecOps SIR & VR, including data model, scopes, and modular design aligned to platform guardrails and performance best practices.

2. Define SecOps governance standards and design patterns

3. Define prioritization models and Risk Score formulas to drive actionable SLAs and dashboards.

4. Design and develop robust CMDB relationships to tie vulnerabilities to assets, services, and business applications (CIs), enabling service-aware remediation and reporting.

5. Enable bidirectional integration between SIR and ITSM.

6. Integrate enterprise vulnerability scanners (e.g., Tenable, Qualys, Rapid7) and threat intel feeds; tune parsing, de-duplication, and matching logic.

7. Optimize Vulnerability Item (VI) normalization, de-duplication, suppression, false positive handling, and asset-vuln correlation at scale.

8. Implement exception workflows (risk acceptance, compensating controls, deferrals) with risk justification and approvals.

9. Build executive and operational dashboards (exposure by service, asset tier, business unit, critical vulnerabilities, SLA breach, MTTR).

10. Establish multi-environment strategies (DEV/TEST/PROD), ATF coverage, upgrade readiness, and platform governance.



Generic Managerial Skills, If any

1. Strong analytical and troubleshooting skills.

2. Excellent communication and documentation skills.

3. Ability to work collaboratively across security, IT, and risk teams.

4. Self-driven and adaptable to fast-paced environments.

Key Words to search in Resume

ServiceNow SecOps, Security Incident Response (SIR) and Vulnerability Response (VR)

Pre-Screening Questionnaire

1. Do you have hands-on experience designing, configuring /customizing the ServiceNow SIR & VR modules? Response should be yes.

2. Do you have hands-on experience with scripting in ServiceNow? Response should be yes