
Senior Manager - Product Red Team

ServiceNow · Petah Tikva, IL
Full-time · On-site · 1d ago
Compliance · Documentation · Incident Response · Leadership · Risk Management

Responsibilities

  • Establish Operations Objectives, Policies & Procedures
      • Own Product Red Team's operation objectives and engagement selection criteria in alignment with product security roadmap and risk register, CISO directives, and company priorities.
      • Expand upon rules of engagement, threat actor emulation standards, testing policies, and protocols.
      • Establish operational security procedures for covert operations, detection evasion, and incident response protocols.
      • Create escalation procedures and approval frameworks for high-risk engagements.
      • Own campaign selection processes, engagement proposal templates, and findings documentation and readout standards.
  • Define Engagement Framework & Success Metrics
      • Design and implement engagement types: vulnerability risk assessment, product security assessments, and ongoing adversarial campaigns.
      • Establish and report on technical and operational success metrics: kill chain coverage, remediation velocity, and detection engineering insights.
      • Create reporting templates (technical findings, executive briefings, engineering recommendations) that drive actionable remediation.
      • Define boundaries and operational testing windows in coordination with product engineering and detection engineering teams.
  • Lead Offensive Operations Team
      • Build team capability across threat actor emulation, exploit development, persistence mechanisms, supply chain security, and AI-specific attack vectors (prompt injection, model manipulation, data poisoning).
      • Mentor team on operational security tradecraft, documentation discipline, and risk management under ambiguous conditions.
      • Support team members in their time zones, spanning from US West Coast to India.
  • Conduct Complex Offensive Operations
      • Design and execute operations simulating realistic attack paths against synthetic customer instances, from initial access through persistence, lateral movement, and data staging.
      • Demonstrate real-world exploitability of vulnerability chains, design flaws, and configuration gaps.
      • Validate security controls, detection capabilities, and logging sufficiency across kill chain phases.
      • Identify and exploit legitimate ServiceNow features for malicious purposes ("living off the land" testing) to reveal detection gaps.
      • Build and operate proof-of-concept exploits and command & control channels that inform both remediation and detection priorities.
  • Navigate Cross-Functional Complexity
      • Persuade product engineering leadership through threat demonstration, remediation prioritisation, and security feature recommendations based on evidence-based risk assessment.
      • Coordinate with Detection Engineering and Purple Team on testing windows, alert tuning, and detection blind spots identified through campaigns.
      • Collaborate with Product Security leadership on engagement approval, customer data handling exceptions, and privacy/compliance trade-offs.
      • Advise CISO and VP leadership on emerging attack vectors, particularly AI-driven threats, and systemic product security gaps.
      • Manage stakeholder expectations around operational secrecy, testing windows, and capability limitations.
  • Drive Product Security Outcomes
      • Show the business impact of chained vulnerabilities through realistic exploitation scenarios and customer-relevant context.
      • Influence product design decisions through security architecture recommendations and validated control requirements.
      • Identify new vulnerabilities ahead of external researchers and bug bounty programs.
      • Build organisational confidence in product security posture through tested detection maturity and observed remediation effectiveness.
  • 12+ years of offensive security experience, with minimum 5+ years leading offensive operations teams in mission-critical environments.
  • Background in leading covert offensive cyber operations in:
      • Intelligence communities, or
      • Contracted equivalent, or
      • Top-tier private-sector adversary emulation firms or internal teams.
  • Expertise in:
      • Threat actor emulation and MITRE ATT&CK methodologies as translated and applied to product security.
      • Exp

Additional Information

ServiceNow seeks an experienced offensive security leader to build and lead the Product Red Team. This newly established function emulates real-world attacks against synthetic ServiceNow customer instances to identify vulnerabilities, misconfigurations, and design gaps before external threat actors or researchers discover them. This role requires an operator who has led offensive security operations in high-consequence environments (covert intelligence or military settings preferred) with proven ability to establish operational standards, navigate ambiguous mission parameters, and influence cross-functional stakeholders around complex security trade-offs. You will build upon this team's charter, engagement frameworks, and rules of engagement with other teams. You will help drive ServiceNow's product security and response posture through adversary emulation, vulnerability research, exploit development, and collaboration with other offensive and defensive teams.

