Staff Software Engineer - Product Security
ServiceNow’s Product Security organisation is building a dedicated Security R&D function — a software engineering team that builds security capabilities with the same engineering rigour as ServiceNow’s product organisation. We are looking for a Staff Security Engineer to be a core contributor on this team. Security R&D operates in two complementary modes: open contribution to product engineering — writing code alongside product teams where security expertise adds value — and developing its own security capabilities , including internal tooling, externally facing product features, AI-powered security automation, and third-party integrations. This is a new team being stood up in Petah Tikva, Israel, co-located with ServiceNow’s AI Security Research team. You will help shape the team’s engineering practices and technical foundation from day one. This role reports to the Sr. Engineering Manager, Security R&D. What You Will Do Build Security Capabilities Design and develop security tooling, automation, and platform services that operate at ServiceNow’s enterprise scale. Contribute code directly into ServiceNow product engineering codebases, embedding security capabilities where they have the highest impact. Build AI-powered security automation by integrating in-house models and third-party services into production workflows. Leverage ServiceNow’s platform — Agent Framework runtime, ACL enforcement, data layer, and workflow engine — to create security capabilities that external vendors cannot match. Collaborate Across Teams Work closely with the AI Security Research team on tooling for AI agent security, translating research insights into production-grade engineering. Partner with product engineering teams during open contribution engagements, earning trust through code quality, reliability, and delivery. Participate in design reviews, code reviews, and architecture discussions, contributing to the team’s technical standards and engineering culture. Grow with the Team Help define engineering best practices as a founding member of the Security R&D team. Contribute to hiring and onboarding as the team scales, helping maintain the engineering bar. Stay current on emerging AI/ML technologies and security threats, bringing new ideas into the team’s roadmap. What Makes This Role Unique Builder-led culture: Security R&D is defined by engineering output, not advisory reviews. We build production security capabilities with the same discipline as product engineering. Dual operating model: The team both contributes directly to product engineering and develops its own security products and services. Platform advantage: ServiceNow owns the entire stack — runtime, ACLs, data layer, workflow engine. You will build security capabilities that no external vendor can replicate. Founding team: This is a new team being built from scratch. You will shape its engineering culture, technical standards, and identity from day one. AI intersection: The role sits alongside the AI Security Research team, placing you at the frontier of securing AI systems at enterprise scale. To be successful in this role, you have: 8+ years of professional software engineering experience building production systems at scale. Bachelor’s degree in Computer Science, Engineering, or a related technical field. Strong hands-on proficiency in Python and Java. You write production code daily and take pride in software craftsmanship. Solid foundation in distributed systems, cloud-native architectures, and building services that meet enterprise requirements for scalability, reliability, and performance. Experience working in collaborative engineering environments, contributing to shared codebases with high code quality standards. Interest in or exposure to security engineering concepts — application security, infrastructure security, identity systems, or trust & safety. A security mindset is valued; deep security expertise can be developed on the team. Curiosity about AI/ML and next-generation AI technologies. You don’t need to be an AI expert, but you should be excited about building at the intersection of security and AI. Preferred Experience with security tooling development, SSDLC automation, or building security features into a product. Familiarity with container/Kubernetes environments, cloud security, or infrastructure-as-code. Exposure to AI/ML pipelines, LLM integration, or agentic frameworks. Experience in a SaaS or platform company building multi-tenant enterprise software. Experience working in a globally distributed engineering team.