Today
Secret
Pacific Blvd, VA (On-Site/Office)
PRISM is seeking a strategic and technically skilled ServiceNow SecOps Business Process / Technical Consultant to support a U.S. Government customer on a mission-critical cyber operations program. This role is essential for designing, developing, and implementing robust ServiceNow Security Operations (SecOps) solutions that significantly enhance the customer's capability to detect, respond to, and remediate security threats.
This position is a hybrid role, demanding expertise across ServiceNow SecOps development, integration engineering, and process consulting. The successful candidate will collaborate directly with security stakeholders, translate complex mission requirements into definitive technical designs, and deliver scalable, secure, and highly automated SecOps capabilities within the ServiceNow platform.
Key Responsibilities
- ServiceNow SecOps Implementation: Design, prototype, and implement core ServiceNow SecOps applications, including:
  - Security Incident Response (SIR): Develop enrichment, correlation rules, and advanced automated playbooks.
  - Vulnerability Response (VR): Configure scanner integrations (e.g., Tenable), design remediation workflows, and automate patch group assignments.
  - Configuration Compliance (CC): Implement policy exception handling, remediation task automation, and compliance dashboards.
  - Threat Intelligence (TI): Engineer ingestion of Indicators of Compromise (IOCs), sightings search, and enrichment workflows (e.g., VirusTotal, Hybrid Analysis).
- System Integration Engineering: Develop custom integrations with SIEM, scanner, and threat intelligence tools (e.g., Splunk, Tenable) utilizing IntegrationHub, REST/SOAP APIs, and the MID Server.
- Automation & Orchestration: Build and maintain advanced orchestration playbooks, Flow Designer workflows, Business Rules, and Script Includes to automate enrichment and response actions, supporting the customer's roadmap for improved SecOps efficiency.
- Process Consulting: Lead technical workshops with SOC, Incident Response (IR), and Vulnerability Response (VR) teams to capture mission needs, define business requirements, and translate them into sustainable technical solutions.
- Documentation & Governance: Document and maintain comprehensive policies, procedures, and technical designs adhering to Agile development practices and secure coding standards.
- Performance Monitoring: Create and maintain Performance Analytics dashboards and KPIs to provide real-time visibility into the organization's security posture.
- Sustainment & Mentorship: Support incident resolution and sustainment of the production ServiceNow SecOps environment, providing mentorship and knowledge transfer to client staff.
Required Qualifications
- Citizenship & Clearance: U.S. Citizenship is required. Must be able to obtain DHS program suitability and a TS/SCI clearance.
- Experience: 8+ years of software development, IT security, or IT systems engineering experience.
- ServiceNow SecOps Expertise: Minimum 4+ years of ServiceNow experience, with at least 2+ years specifically focused on SecOps applications (SIR, VR, CC, or TI).
- Technical Depth: Strong knowledge of ServiceNow administration, advanced configuration, and custom application development.
- Integration & Automation: Hands-on experience with Flow Designer, Orchestration, IntegrationHub, and MID Server. Proven experience integrating ServiceNow with SIEM, vulnerability scanners, and threat intelligence platforms.
- Web Technologies: Strong technical skills in web technologies (JavaScript, HTML, XML, Angular, CSS) and integration technologies (REST, SOAP, LDAP, SSO).
- Frameworks: Familiarity with federal cybersecurity frameworks (NIST 800-53, FedRAMP, CISA KEV, MITRE ATT&CK).
- Education: Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, Systems Engineering, or a related discipline, plus at least 8 years of directly relevant work experience.
- Substitution: An additional 10 years of directly relevant work experience (for a total of 18+ years) may be substituted in lieu of a degree.
Desired Skills & Certifications
Desired Skills:
- Experience supporting DHS, DoD, or Intelligence Community customers.
- Experience deploying future-state SecOps processes, including vulnerability management and threat intel workflows.
- Familiarity with Splunk use cases for security operations and event correlation.
- Experience with collaboration tools (MS Teams, Atlassian Jira/Confluence).
- Strong analytical, problem-solving, and consulting skills in complex security environments.
- Information Systems Security Engineering Professional (ISSEP) or Information System Security Architect Professional (ISSAP) certification.
- ServiceNow Certified System Administrator (CSA).
- ServiceNow Certified Application Developer.
- ServiceNow Certified Implementation Specialist - SecOps (SIR, VR, or CC).
- ITIL v4 Foundation certification (or willingness to complete within one year).
- DoD 8570.1-M Compliance at IAT Level I (e.g., CISSP) certification highly desired.