Manager, Security Operations | 24248

IT Sydney, New South Wales


Manager, Security Operations

Reports to: Senior Manager, Security Operations

ServiceNow is building a global 24x7 incident response team, with people located in North America, APJ and EMEA. ServiceNow is looking to expand and mature the team in Australia to help cover its rapidly growing operations. The manager of the security operations team in Sydney will be responsible for managing and leading the existing team located there, increase capabilities and maturity of the Sydney team, recruit and hire new staff, perform relevant administrative tasks, and oversee monitoring, detection and response to security incidents within that team's area of responsibility. 

The Incident Response personnel investigate, analyze and manage response activities related to computer security incidents and data acquisition efforts within ServiceNow. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating, and directing recovery activities; and incident analysis tasks, including examining all available information, and supporting evidence or artifacts collection related to a security incident or event.

The manager will be expected to manage and coach the response team members to ensure that response to cyber security incidents are being performed consistently, adequately, and in a timely manner, train and develop the response team members, and bring thought leadership to ServiceNow in an effort to continuously improve incident response and security operations, overall. Additionally, coordinate response to significant incidents and assist with identifying information security risks and gaps, and assist with developing recommendations and plans to address risks and gaps.

The team based in Sydney is part of a larger global security operations team which monitors, detects, and responds to threats, analyzes threat intelligence, hunts for threats and is a key element of ServiceNow’s defense posture.

Periodically, will be called upon to handle incident escalations, interface and collaborate with other managers within ServiceNow, respond to priority situations in a timely manner, and may be required to brief executive level management.

Key Responsibilities Include:

Act as the primary escalation point for cyber security incidents within your area of responsibility, coordinating activity as needed and escalating when appropriate

Provide leadership to the security incident response team, act as a coach for incident responders and provide overall management of the team

Assess incident scope and impact

Prepare formal reports on incident findings

Act as a first responder for cyber security incidents as needed

Technical security leader responsible for monitoring of a global SaaS platform

Driver of the organization’s security incident response program and all associated processes

Measure and track KPIs and security incident response metrics

Responsible for hiring and retaining skilled security professionals

Utilize extensive technology resources to protect a massive multi-national datacenter production network

Instrument security monitoring technologies and alerting

Manage the team performing real-time computer security Incident Handling including forensic collections, intrusion correlation, threat analysis, and direct system remediation tasks to support Incident Response Teams (IRT)

Manage the team performing computer security incident triage to include determining scope, urgency, and potential impact as well as identification the specific vulnerabilities and make recommendations that enable remediation

Serve as a technical expert and liaise with other internal investigative and legal groups by providing support in reviewing forensic analysis, reports, and data and collaborate with other teams within ServiceNow

Manage the team performing analysis of logs from a variety of sources within the enterprise, to include individual host logs, network traffic logs, firewall logs, and intrusion detection system logs

Track and document security incidents from initial detection through final resolution including documenting requests and activities in case management system

Coordinate with and provide expert technical support to resolve computer security incidents working with other information security specialists to correlate threat assessment data, as needed

Document new and update current program procedures providing guidance and reports on incident findings to appropriate constituencies


In order to be successful in this role, we need someone who has:

Prior experience managing a security incident response team

Advanced understanding of Security Operations Center and Security Incident Response Team protocols and procedures

Ability to author clear and concise incident reports

Ability to work independently without direction for day to day activities

Ability to analyze and understand technical information

Ability to successfully interact with other managers and stakeholders

Manage resource scheduling during the time zone to ensure meeting SLAs and critical security incident handling coverage

Demonstrate strategic and tactical thinking, quantitative and analytical skills, while under pressure

Familiarity with general information security concepts and practices

Familiarity with change and incident management concepts and processes

Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment.

Significant knowledge of security incident response processes and the ability to document and manage these processes

Strong communication skills with the ability to develop and maintain productive relationships across multiple teams in ServiceNow’s Saas and corporate environments

Experience gathering and auctioning threat intelligence data

Background working with data logging applications (SIEM)

Knowledge of internet security protocols and technologies.

The ability to analyze event and systems logs, perform forensic analysis, analyze malware, and other incident response related data, as needed.

Familiarity with intrusion detection systems and tools.

Knowledge of attack vectors, threat tactics and attacker techniques.

Understanding of Windows and Linux operating systems

Deep network and application security monitoring expertise preferably in a SaaS or multi-tenant computing environment

GSEC, GCIH, CEH, or GCIA certifications are a plus

ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or for assistance.