Data Scientist (Security Research)

Job Title: Data Scientist (Security Research)
Location: Remote, WA

Company

Work matters. It’s where we spend a third of our lives. And the workplace of the future is going to be a great place. We’re dedicated to bringing that to life for people everywhere. That’s why we put people at the heart of everything we do.

People matter. Our people have a passion for learning, building, and innovating. Whether you’re an engineer, a sales professional, a finance professional, or anything in-between, our roles aim to provide each person with meaningful impact and plenty of space to grow.

Team

The Security Research team responds to application security escalation and focuses on risk reduction. Using a toolkit of code/program analysis and dynamic approaches, the Research team performs application deep dives to isolate problem root causes. Additionally, exploration techniques focus on problems broadly, measuring insecurity across ServiceNow’s cloud environment. A goal of the Research team is to maintain ServiceNow customer’s security enablement and continually improve ServiceNow’s cloud security reputation.

Role

As a Data Science focused Product Security Engineer on the Security Research team, you’ll be responsible for conducting and analyzing audits for reported application security vulnerabilities. Additionally, you will be responsible for applying data science to optimize existing workflows. You will also work with customers, external security researchers and developers to proof & document reported vulnerabilities. This will require data science and web application security knowledge as well as analytical debugging skills and strong programming language proficiency.

What you get to do in this role:

• Perform and analyze security audits to discover, communicate, and recommend remediation activities for vulnerabilities.
• Apply Data Science to optimize workflows with Customer Penetration tests, Bug Bounty, and Responsible Disclosure Programs.
• Help customers secure their environments and deal with respective regulatory requirements.
• Proactively research and quantify new attack vectors that may affect ServiceNow.
• Research security topics which are a risk to ServiceNow

In order to be successful in this role, we need someone who has:

• A passion for security
• Background in Statistics or Applied Mathematics
• 3-5 years of experience with common Python Data Science Libraries (eg. Pandas, NumPy)
• 1-2 years of experience of security auditing including code review
• Additional developer level proficiency in at least one language - Python, Java, or JavaScript preferred
• Experience with Machine Learning Packages (scikit-learn, nltk, Keras, Tensorflow, z3) preferred
• Ability to deliver technical reports and communicate technical concepts to both non-technical business users as well as technical stakeholders.

EEOE Statement Section

ServiceNow’s EEOE statement is automatically added to each U.S. based job description.