Director, Security Research & Development

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

**PLEASE NOTE**:  This role requires a minimum of 2 days per week in the Bay Area Service Now Offices.  If you cannot meet this requirement, we ask that you please do not apply.  Thank you.

The ServiceNow Security Organization (SSO)

The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact.

The Opportunity
ServiceNow’s Product Security organization is investing in a dedicated Security R&D function — a software engineering team embedded within Product Security that builds security capabilities with the same rigor, CI/CD discipline, and quality standards as ServiceNow’s product engineering organization. We are looking for a Director to lead and scale this team.

Security R&D operates in two complementary modes. First, through open contribution to product engineering — writing code alongside and directly into product engineering efforts where security domain expertise adds value. Second, by designing and developing its own security capabilities, both internal tooling and externally facing product features, including AI-powered security automation, third-party integrations, and platform-native security services.

A small US-based team is already in place. The Director will grow and reshape this team while simultaneously standing up a new engineering hub in Israel — a strategic investment committed to by senior leadership. This is primarily a greenfield build: the technical vision, team culture, engineering identity, and hiring bar are yours to define.  This role reports to the Senior Director of Product Security Engineering.

What Makes This Role Unique

• Builder-led culture: Security R&D is defined by engineering output, not advisory reviews. We emphasize building production security capabilities with the same discipline as product engineering.
• Dual operating model: Your team both contributes directly to product engineering and develops its own security products and services — a rare combination that requires deep engineering credibility and strong product instincts.
• Platform advantage: ServiceNow owns the entire stack — runtime, ACLs, data layer, workflow engine. You can build security capabilities that no external vendor can replicate.
• Global scope: Standing up the Israel hub is a strategic investment. You will shape a world-class engineering center from its inception, with direct influence on its culture and technical direction.
• AI intersection: The role collaborates closely with AI Security on agent security tooling, placing you at the frontier of securing AI systems at enterprise scale.

Build and Lead a Globally Distributed Engineering Team

• Scale the existing US-based Security R&D team and stand up a new engineering hub in Israel. Hire engineering managers, senior engineers, and architects across both sites.
• Establish the Israel hub as a high-performing engineering center. Hire local leadership, define operating rhythms across time zones, and travel regularly to build team cohesion and culture.
• Define the org structure, team charters, and technical ownership model across the US and Israel. Ensure seamless collaboration between sites.
• Set the hiring bar and engineering culture: this is a team of software engineers with deep security expertise, not security consultants who happen to write code.

Drive Security Engineering at Platform Scale

• Lead the development of AI-powered automated security review capabilities, integrating in-house models and third-party services to dramatically expand security review coverage across ServiceNow’s codebase.
• Drive open contributions to product engineering in security-critical areas, embedding Security R&D engineers directly into product teams where their domain expertise accelerates delivery.
• Design and build Security R&D’s own capabilities — security tooling, automation, and platform services — both for internal consumption and as externally facing product features.
• Leverage ServiceNow’s unique platform advantages — ownership of the Agent Framework runtime, ACL enforcement, data layer, and workflow engine — to build security capabilities that external vendors cannot replicate.
• Collaborate with the AI Security team on AI agent security tooling, bringing software engineering discipline to securing AI systems at enterprise scale.
   

Operate as an Engineering Peer

• Represent Security R&D credibly to senior engineering leadership. This role demands a leader who is seen as a peer who ships production code, not an advisor who reviews it.
• Partner with embedded product managers to define and execute the Security R&D roadmap, balancing long-term platform investments with near-term delivery milestones.
• Build relationships across Product Security’s other functions to ensure Security R&D amplifies their impact through engineering.

Required

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI’s potential impact on the function or industry. 
• 20+ years of progressive experience in software engineering and security, spanning hands-on development through engineering leadership OR related experience and education
• Bachelor’s degree in Engineering, Computer Science, or a related technical field.
• Deep expertise across multiple security domains, including application security, infrastructure security, identity and fraud prevention, insider threat, and trust & safety.
• 5+ years of engineering management experience leading and scaling teams of 25+ engineers, including hiring managers and building leadership layers.
• Demonstrated track record of building engineering teams and capabilities from scratch (0→1), not only inheriting and optimizing existing organizations.
• Strong hands-on software engineering foundation with production experience in Python and Java. You started as a builder and never stopped thinking like one.
• Experience managing globally distributed engineering teams across multiple time zones and geographies, including team buildouts in new locations.
• Enterprise-scale software engineering experience at a major SaaS, cloud, or technology company — building systems that serve millions of users with high availability, security, and regulatory compliance requirements.
• Hands-on experience with AI/ML systems, GenAI, or Agentic AI technologies — building, integrating, or securing them within enterprise products.
• Ability to operate as a credible engineering peer to VP and Sr. Director-level product engineering leaders — holding your own in architecture reviews, design discussions, and roadmap negotiations.
   

Preferred

• Experience in fraud prevention, identity security, regulatory compliance technology (OFAC, FinCEN, PCI, SOX), or insider threat programs at a major SaaS or fintech company.
• Familiarity with enterprise security frameworks (NIST, SSDLC) and practical experience translating compliance requirements into engineering solutions.
• Experience with container and Kubernetes security, runtime security (e.g., Falco), OPA policy enforcement, service mesh security, or cloud-native security architectures (AWS preferred).
• Background building security capabilities that ship as part of a commercial product, not only internal tooling.
• Experience with MLOps pipelines, prompt engineering, or agentic frameworks (e.g., LangChain, LangGraph) in a production security context.
   

#SecurityJobs 

For positions in this location, we offer a base pay of $240,100 - $420,200, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location.

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.