Lead Software Engineer - ServiceNow (Cybersecurity)

Responsible at the expert level for writing code and the overall team's technical requirements gathering. Completes work following banking technology standards and contributes to the overall stability and resiliency of banking technology within the Software Development Lifecycle (SDLC) while also coaching others.

• Experience leading design and development of ServiceNow SecOps solutions, including Security Incident Response (SIR), Major Security Incident Management (MSIM), and Service Catalog capabilities.
• Preferred experience leading design and development of Vulnerability Response / Unified Security Exposure Management (USEM) capabilities.
• Serve as technical lead and subject matter expert for ServiceNow SecOps, establishing and promoting best practices across cybersecurity operations workflows and platform implementations.
• Architect and implement end-to-end cybersecurity workflows, including incident intake, triage, investigation, containment, remediation, and closure processes.
• Design and maintain SIR workflows to support detection, enrichment, correlation, and response for security incidents.
• Lead implementation and optimization of USEM / Vulnerability Response processes, including vulnerability ingestion, prioritization, assignment, remediation tracking, and reporting.
• Integrate ServiceNow SecOps modules with external cybersecurity tools (e.g., SIEM, scanners, threat intelligence platforms) to enable automated data ingestion and response.
• Define and enforce cybersecurity workflow standards, including data models, severity/priority frameworks, SLAs, documentation standards, and audit requirements.
• Provide hands-on mentorship and technical coaching to engineers on ServiceNow SecOps development, scripting, workflow design, and documentation practices.
• Lead code reviews, design sessions, and troubleshooting efforts to ensure high-quality, secure, and scalable implementations.
• Partner with cybersecurity, risk, and infrastructure teams to align platform capabilities with enterprise cybersecurity strategy and policies.
• Configure and manage assignment groups, escalation paths, and approval processes for cybersecurity incidents, vulnerabilities, and commensurate operations.
• Drive adoption of automated response and orchestration patterns to reduce manual effort and improve response times.
• Ensure solutions meet security, compliance, and regulatory requirements, including auditability, traceability, and data protection standards.
• Oversee workflow performance and operational metrics (e.g., mean time to detect/respond, SLA adherence, remediation timelines) and drive continuous improvement.
• Support development and enhancement of Service Catalog items for security services, enabling standardized intake and request fulfillment.
• Collaborate with product owners, architects, and stakeholders to translate security requirements into scalable, technical solutions within Agile delivery practices.
• Contribute to platform strategy and roadmap, including expansion of ServiceNow SecOps capabilities and reduction of fragmented tooling.
• Communicate technical designs, risks, and decisions clearly to technical and non-technical stakeholders, including leadership during major incidents.
• Promote a culture of security-first engineering, continuous improvement, knowledge sharing, and Agile execution across the team.
• Produce professional documentation, commensurate with work efforts, following SDLC best practices.

SKILLS AND EDUCATION REQUIRED

• Associate’s degree and a minimum of 7 years’ systems analysis and/or application development work experience or Bachelor's degree and a minimum of 5 years' systems analysis and/or application development work experience. In lieu of a degree, a combined minimum of 9 years’ education and/or relevant work experience, including a minimum of 5 years’ systems analysis and/or application development work experience
• Expert proficiency in at least one programming language and professional proficiency in at least one additional programming language, with hands-on experience in ServiceNow platform development (server-side and client-side scripting)
• Extensive experience developing and implementing ServiceNow SecOps solutions, including Security Incident Response (SIR), Vulnerability Response / Unified Security Exposure Management (USEM), and Service Catalog
• Proven experience designing and delivering complex security workflows, including incident triage, investigation, escalation, containment, remediation, and closure processes
• Strong understanding of cybersecurity concepts, including incident response lifecycle, vulnerability management, threat detection, and risk-based prioritization of issues
• Experience integrating ServiceNow with security tools (e.g., SIEM, vulnerability scanners, SOAR platforms) to support automated ingestion, enrichment, and response workflows
• Experience designing and implementing workflow-based solutions with approvals, SLAs, escalation paths, task orchestration, and lifecycle management
• Strong understanding of ServiceNow platform architecture, data model, and best practices for secure and scalable implementations
• Experience leading development efforts and guiding implementation of reusable, automated, and scalable security process solutions
• Experience with source control, CI/CD pipelines, and deployment processes aligned to SDLC and security/compliance requirements
• Strong ability to translate cybersecurity and business requirements into secure, scalable, and maintainable technical solutions
• Advanced troubleshooting and debugging skills within ServiceNow SecOps or similar security and workflow platforms

PREFERRED SKILLS

• Expert analytical and problem-solving skills specific to cybersecurity, incident response, and vulnerability management
• Proven experience leading technical initiatives and delivering complex security workflow solutions across multiple teams
• Experience mentoring and coaching engineers on ServiceNow SecOps development, security workflows, and platform best practices
• Experience designing enterprise-scale security workflow architectures, including major incident management (MSIM), incident escalation, and coordinated response processes
• Strong experience partnering with cybersecurity, risk, infrastructure, and application teams to implement integrated security solutions
• Experience implementing automated response and orchestration patterns (e.g., SOAR integrations, automated remediation workflows)
• Familiarity with security frameworks, regulatory requirements, and audit practices (e.g., incident tracking, evidence collection, traceability)
• Experience working with vulnerability management programs, including prioritization, SLA tracking, and remediation lifecycle management
• Strong organizational, time management, and advanced communication skills, including ability to present to both technical and non-technical stakeholders
• Experience driving adoption of standards, automation, and secure engineering practices across teams
• ServiceNow Certified System Administrator (CSA)
• ServiceNow Certified Application Developer (CAD)
• ServiceNow Certified Implementation Specialist – Security Incident Response (CIS-SIR)
• ServiceNow Certified Implementation Specialist – Vulnerability Response (CIS-VR) or equivalent (USEM-aligned)
• ServiceNow Certified Implementation Specialist – IT Service Management (CIS-ITSM)
• Security certifications such as CISSP, CISM, CEH, or Security+
• Automation / SOAR or cloud security-related certifications

We support our team members with generous benefits. 

• Competitive compensation 
• Health, welfare, and retirement benefits 
• 401(k) match at 5% 
• Work-life balance and flexible work arrangements 
• Banking Officers start with 25 days PTO plus 12 paid holidays  
• 40 hours paid volunteer hours per year 
• Much more. For details, see: M&T Benefits Overview