Director, Product Security

Company Description

It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone—freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow— helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started.

Join us to put AI to work for people.

Job Description

What you get to do in this role:

Lead a global offensive security team chartered to think and operate like the adversaries targeting our customers. Direct multi-quarter product red team campaigns whose findings drive material risk reduction across ServiceNow's platform. Influence engineering and security leadership with credible, business-framed assessments of customer-impacting risk.

Qualifications

To be successful in this role, you have:

15 years in offensive security, with at least 5 years leading red team or penetration testing teams
Demonstrated experience running multi-week adversary emulation campaigns against complex software products or cloud platforms — not just point-in-time pentests
Track record translating technical findings into business-impact language for executive and engineering audiences
People management experience, including hiring, performance management, and developing senior individual contributors
Experience red-teaming multi-tenant SaaS, enterprise platforms, or other shared-infrastructure products where cross-tenant impact is a primary risk
Deep technical fluency in at least two of: web application exploitation, cloud (AWS/Azure/GCP) attack paths, identity and authorisation systems, sandbox/runtime escape
History of partnering with product security, engineering, and detection teams to drive remediation through to closure — not just report-and-move-on
Background managing globally distributed teams across multiple time zones

Nice to have:

Prior work in product security, PSIRT, or vulnerability research at a major software vendor
Published research, conference talks, or recognised contributions to the offensive security community

Additional Information

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance.

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.

From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.