Lead Software Engineer - ServiceNow (Cybersecurity)

About the role

Responsible at the expert level for writing code and the overall team's technical requirements gathering. Completes work following banking technology standards and contributes to the overall stability and resiliency of banking technology within the Software Development Lifecycle (SDLC) while also coaching others. Experience leading design and development of ServiceNow SecOps solutions, including Security Incident Response (SIR), Major Security Incident Management (MSIM), and Service Catalog capabilities. Preferred experience leading design and development of Vulnerability Response / Unified Security Exposure Management (USEM) capabilities. Serve as technical lead and subject matter expert for ServiceNow SecOps, establishing and promoting best practices across cybersecurity operations workflows and platform implementations. Architect and implement end-to-end cybersecurity workflows, including incident intake, triage, investigation, containment, remediation, and closure processes. Design and maintain SIR workflows to support detection, enrichment, correlation, and response for security incidents. Lead implementation and optimization of USEM / Vulnerability Response processes, including vulnerability ingestion, prioritization, assignment, remediation tracking, and reporting. Integrate ServiceNow SecOps modules with external cybersecurity tools (e.g., SIEM, scanners, threat intelligence platforms) to enable automated data ingestion and response. Define and enforce cybersecurity workflow standards, including data models, severity/priority frameworks, SLAs, documentation standards, and audit requirements. Provide hands-on mentorship and technical coaching to engineers on ServiceNow SecOps development, scripting, workflow design, and documentation practices. Lead code reviews, design sessions, and troubleshooting efforts to ensure high-quality, secure, and scalable implementations. Partner with cybersecurity, risk, and infrastructure teams to align platform capabilities with enterprise cybersecurity strategy and policies. Configure and manage assignment groups, escalation paths, and approval processes for cybersecurity incidents, vulnerabilities, and commensurate operations. Drive adoption of automated response and orchestration patterns to reduce manual effort and improve response times. Ensure solutions meet security, compliance, and regulatory requirements, including auditability, traceability, and data protection standards. Oversee workflow performance and operational metrics (e.g., mean time to detect/respond, SLA adherence, remediation timelines) and drive continuous improvement. Support development and enhancement of Service Catalog items for security services, enabling standardized intake and request fulfillment. Collaborate with product owners, architects, and stakeholders to translate security requirements into scalable, technical solutions within Agile delivery practices. Contribute to platform strategy and roadmap, including expansion of ServiceNow SecOps capabilities and reduction of fragmented tooling. Communicate technical designs, risks, and decisions clearly to technical and non-technical stakeholders, including leadership during major incidents. Promote a culture of security-first engineering, continuous improvement, knowledge sharing, and Agile execution across the team. Produce professional documentation, commensurate with work efforts, following SDLC best practices. SKILLS AND EDUCATION REQUIRED Associate's degree and a minimum of 7 years' systems analysis and/or application development work experience or Bachelor's degree and a minimum of 5 years' systems analysis and/or application development work experience. In lieu of a degree, a combined minimum of 9 years' education and/or relevant work experience, including a minimum of 5 years' systems analysis and/or application development work experience Expert proficiency in at least one programming language and professional proficiency in at least one additional programming language, with hands-on experience in ServiceNow platform development (server-side and client-side scripting) Extensive experience developing and implementing ServiceNow SecOps solutions, including Security Incident Response (SIR), Vulnerability Response / Unified Security Exposure Management (USEM), and Service Catalog Proven experience designing and delivering complex security workflows, including incident triage, investigation, escalation, containment, remediation, and closure processes Strong understanding of cybersecurity concepts, including incident response lifecycle, vulnerability management, threat detection, and risk-based prioritization of issues Experience integrating ServiceNow with security tools (e.g., SIEM, vulnerability scanners, SOAR platforms) to support automated ingestion, enrichment, and response workflows Experience designing and implementing workflow-based solutions with approvals, SLAs, escalation paths, task orchestration, and lifecycle ma

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at mtb? Share your experience