Security Operations Triage Lead | 20411

IT Hyderabad, India


This role will be part of the ServiceNow Security Office, responsible for analyzing and responding to events across a large and complex environment in order to identify security incidents, protect ServiceNow and protect ServiceNow customers. The candidate will use their exceptional judgment and security expertise to distinguish truly interesting events from "noise". In a typical hour, an analyst might examine a malicious email, investigate an unusual login, and analyse a PC with a potential malware issue. Between these events, they will interact with ServiceNow colleagues around the world.


A successful candidate will have acute attention to detail, a healthy dose of paranoia and a logical approach to analysis and problem solving. This role also needs exceptional communication skills (verbal and written), and an ability to quickly understand complex information while recognizing familiar elements within complex situations. This position is based in our new facility in Hyderabad, India. The role is a key part of our global security office, involving daily interaction with other security teams and other non-security teams, which means fluent English is essential. Must be willing to work weekends, when necessary.


Required Skills & Experience

At least 7 years of full-time experience within a security monitoring team, Security Operations Centre (SOC), Incident Response team, or as lead for a SOC team.


Familiarity with system administration and security controls on Microsoft Windows, Linux, and macOS, and experience investigating security issues and/or complex operational issues


Knowledge of email security threats and security controls, including experience analysing email headers


Knowledge of analysing events from endpoint controls for Windows, Linux, and Mac.


Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP


Working experience using a log analysis solution to triage security events and respond to security incidents


Experience reviewing system and application logs (e.g., web or mail server logs), either to investigate security issues or complex operational issues


Strong interest in information security, including awareness of current threats and security best practices



Desired Skills & Experience

The following items are not hard requirements but would be an advantage:

A relevant specialist degree (e.g., information security)

Relevant information security certifications such as GCIH, GCIA, GSEC, CEH, Security+, SSCP, or CISSP

Familiarity with system administration in a Windows Domain / Active Directory environment.

Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.

Experience coordinating incident response, troubleshooting, or other complex issues across a global organization

Familiarity with the ServiceNow product

Knowledge of scripting and common web technologies (e.g., Python, Perl, Unix shell scripts, PowerShell, JavaScript)

Active involvement in the information security community

ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or for assistance.