Location: Stamford, Connecticut (CT)
Contract Type: C2C
Posted: 18 hours ago
Closed Date: 04/23/2026
Skills: ServiceNow SIR & VR module, JavaScript, Glide API, Flow Designer, and REST/SOAP integrations.
Visa Type: Any Visa

Position: ServiceNow SecOps Architect

Location: Stamford, CT (Onsite)
Job Description

12+ years of hands-on development experience on the ServiceNow platform.

5+ years of experience specifically in Security Incident Response (SIR) and Vulnerability Response (VR) implementation.

Design, configure, and customize the ServiceNow SIR & VR modules.

Design and develop workflows, business rules, client scripts, and integrations supporting the SIR & VR lifecycle.

Integrate VR with external vulnerability scanners and CMDB (Configuration Management Database) to automate import and correlation of vulnerability data.

Configure MID Servers, data sources, and API connections for vulnerability data ingestion.

Develop automation for vulnerability assignment, remediation tracking, and exception management.

Create custom dashboards, reports, and Performance Analytics indicators for vulnerability KPIs and trends.

Strong understanding of SOC operations and incident response frameworks (NIST, SANS).

Experience working with SIEM, SOAR, EDR, and vulnerability tools.

Strong understanding of ServiceNow CMDB, Discovery, and ITSM processes.

Experience integrating with vulnerability scanners (Qualys, Tenable, Rapid7, Prisma Cloud, etc.).

Knowledge of JavaScript, Glide API, Flow Designer, and REST/SOAP integrations.

Work with business stakeholders, technical stakeholders, and onsite and offshore teams to own the delivery of work.

Roles & Responsibilities

  • Lead end-to-end architecture for ServiceNow SecOps SIR & VR, including data model, scopes, and modular design aligned to platform guardrails and performance best practices.
  • Define SecOps governance standards and design patterns.
  • Define prioritization models and Risk Score formulas to drive actionable SLAs and dashboards.
  • Design and develop robust CMDB relationships to tie vulnerabilities to assets, services, and business applications (CIs), enabling service-aware remediation and reporting.
  • Enable bi-directional integration between SIR and ITSM.
  • Integrate enterprise vulnerability scanners (e.g., Tenable, Qualys, Rapid7) and threat intel feeds; tune parsing, de-duplication, and matching logic.
  • Optimize Vulnerability Item (VI) normalization, de-duplication, suppression, false positive handling, and asset-vuln correlation at scale.
  • Implement exception workflows (risk acceptance, compensating controls, deferrals) with risk justification and approvals.
  • Build executive and operational dashboards (exposure by service, asset tier, business unit, critical vulnerabilities, SLA breach, MTTR).
  • Establish multi-environment strategies (DEV/TEST/PROD), ATF coverage, upgrade readiness, and platform governance.