SecOps ServiceNow Technical Consultant

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

Job Description 

The Customer Outcomes SecOps Technical Consultant is the technical authority in customer engagements focused on ServiceNow Security Operations. This role combines deep cybersecurity operations knowledge with ServiceNow platform expertise to design and deliver implementations that accelerate threat detection, vulnerability remediation, and security incident response. The Senior TC operates independently, leads technical workshops, and drives complex integrations between the ServiceNow platform and the customer's broader security ecosystem. 

 

What you get to do in this role: 

Lead technical workshops with customer security teams to assess current security operations processes and design future-state workflows on the ServiceNow platform. 

Configure and deliver ServiceNow SecOps solutions — Security Incident Response (SIR), Vulnerability Response (VR), and Threat Intelligence — following ServiceNow leading practices and technical standards. 

Design and implement integrations between ServiceNow SecOps and external security tooling: SIEM (Splunk, QRadar, Microsoft Sentinel), vulnerability scanners (Qualys, Tenable, Rapid7), and threat intelligence platforms. 

Advise customers on how to leverage SecOps automation and orchestration to reduce MTTR and improve vulnerability SLAs. 

Provide oversight and technical review of configuration and integration work delivered by partner or customer developers. 

Guide customers through required documentation — business requirement workbooks, integration architecture diagrams, vulnerability remediation SLA frameworks. 

Provide feedback to ServiceNow product development based on implementation learnings and emerging customer security needs. 

Maintain and develop skills and certifications aligned to SecOps, cybersecurity, and platform integration. 

 

Key Responsibilities: 

• Design and deliver end-to-end SecOps implementations: Security Incident Response (SIR), Vulnerability Response (VR), Threat Intelligence 

• Build and maintain integrations with SIEM platforms (Splunk, QRadar, Microsoft Sentinel) and vulnerability scanners (Qualys, Tenable, Rapid7) via REST APIs and MID Server 

• Configure CMDB to support asset-aware vulnerability response and accurate risk scoring 

• Design automated orchestration and remediation workflows using Flow Designer and IntegrationHub spokes 

• Apply security frameworks (NIST, MITRE ATT&CK, CVE/CVSS) to define detection, triage, and remediation logic within the platform 

• Architect ServiceNow CMDB as the foundation for security operations — asset coverage, CI relationships, and risk-aware prioritization 

• Deliver technical design sessions and solution walk-throughs for CISO, SOC, and IT Security leadership audiences 

• Develop internal knowledge base, integration playbooks, and reusable implementation assets for the LATAM delivery team 

 

To be successful in this role you have: 

• Experience in leveraging AI or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving — including security automation, AI-driven threat detection, or AI-assisted vulnerability prioritization 

• 8+ years of experience in professional services, cybersecurity engineering, or security operations roles; or equivalent education/experience 

• Deep technical knowledge of cybersecurity operations: vulnerability management, security incident response, threat intelligence, and SOC workflows 

• Hands-on ServiceNow SecOps configuration experience — SIR, VR, or Threat Intelligence modules 

• Strong integration experience: REST APIs, JSON, MID Server, IntegrationHub — particularly with security tooling (Splunk, QRadar, Qualys, Tenable, Rapid7, Sentinel) 

• Solid CMDB knowledge — CI classes, discovery patterns, asset relationships — critical for vulnerability response accuracy 

• Familiarity with security frameworks: NIST CSF, MITRE ATT&CK, CVE/CVSS scoring, ISO 27001 

• ServiceNow certifications strongly preferred: CSA (Certified System Administrator); CIS-SecOps preferred 

• Ability to communicate complex security concepts clearly to both technical and executive audiences (CISO, SOC Manager, IT Director) 

• Professional-level English required; Spanish a strong differentiator for LATAM regional delivery 

• Ability to travel up to 30% across Brazil and LATAM region 

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.