Principal Outbound Product Security Manager
- Full-time
- Employee Type: Regular
- Region: AMS - North America and Canada
- Work Persona: Flexible
Company Description
It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.
Job Description
**PLEASE NOTE** This role has a minimum of 2 days per week in Santa Clara, CA or San Diego, CA offices requirement. If you are unable to come into the Santa Clara or San Diego Office for a minimum of 2 days per week, please do not apply. Thank you.
The ServiceNow Security Organization (SSO)
The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact
The Opportunity
ServiceNow's Product Security organization is undergoing a fundamental transformation—from reactive to proactive, from reporting issues to delivering solutions. This role is critical to that transformation to bridge the gap between cutting-edge AI security challenges and practical, implementable solutions that our engineering teams will actually adopt.
This is not a traditional PM role. You'll need technical depth to earn credibility with skeptical engineers and product excellence to drive adoption without friction.
The Challenge
Our world-class engineering organization needs a security partner they can trust—someone who understands their constraints, speaks their language, and brings solutions, not just problems. Your technical depth must earn their trust, while your product acumen drives adoption of security solutions that enhance, rather than hinder, developer productivity.
Our Guiding Principles
- Protect the Brand: Reduce the impact of major security incidents.
- Enable the Business: Maintain and automate regulatory compliance (FedRAMP, GDPR, etc.).
- Secure by Default: Ship secure products with minimal friction for customers.
- Partner Seamlessly: Integrate security ("shift left") without slowing down engineering.
What You'll Do
- Own the AI Security Product Strategy (40%)
- Define and drive the product roadmap for securing agentic AI across internal systems and customer offerings
- Balance emerging AI threats (prompt injection, model extraction, data poisoning) with implementation realities
- Transform Red Team findings and security research into a prioritized, data-driven backlog
- Shift the narrative from "security as tax" to "security as competitive advantage"
Be the Technical Authority (35%)
- Lead architectural reviews with deep expertise in:
- Agentic AI frameworks (LangChain, LangGraph) and their attack surfaces
- Authentication patterns for distributed AI systems (OAuth 2.0, OIDC, MCP, A2A protocols
- LLM vulnerabilities and practical mitigations
- Provide hands-on guidance that minimizes friction while maximizing protection
- Earn engineering trust through demonstrated technical depth, not position or process
Drive Cross-Functional Execution (25%)
- Partner with Platform and Product Engineering PMs to embed AI security into development lifecycles
- Define success metrics that balance security effectiveness with developer experience
- Coordinate with Documentation, Training, and Professional Services for smooth rollouts
- Engage key enterprise customers on their AI security requirements
Qualifications
To succeed in this role, you have:
- Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI’s potential impact on the function or industry.
- 15+ years in product management, product ownership, or technical product analysis within commercial software product companies.
- 3-5+ years focus on Security, AI Security, or GenAI
- Hands-on experience with agentic AI frameworks and their security implications
- Deep understanding of authentication/authorization protocols and emerging AI-specific patterns
- Track record of shipping security products in collaborative, cross-functional environments
- Technical credibility - ability to read code, review architectures, and challenge technical decisions
What Sets Great Candidates Apart
- Experience at an AI Security startup or leading AI security at an enterprise company
- Published research, blog posts, or conference talks on AI security
- Security certifications that demonstrate depth (CISSP, OSCP, SANS GIAC)
- Success turning skeptical engineering partners into security champions
- Program management experience driving complex, multi-team initiatives
The Intangibles We Value
- Exceptional communication - can influence both senior engineers and executives
- Data-driven decision making with strong product instincts
- Comfortable with ambiguity in a rapidly evolving domain
- Builder mentality - more interested in shipping solutions than writing reports
Our Four Guiding Principles
Your work will directly support our transformation goals:
- Protect the Company: Reduce impact of major security incidents and protect ServiceNow's brand reputation.
- Unlock Regulated Markets: Maintain and automate compliance with evolving government requirements (FedRAMP, GDPR, EU AI Act)
- Delight Customers: Ship secure-by-default products that protect customer data without adding complexity to their experience—security that just works.
- Empower Engineering: Partner seamlessly with development teams, shifting security left while enhancing (not hindering) developer productivity through low-friction tools and processes.
Why This Role Matters
You'll shape how thousands of enterprises secure their AI implementations while working with industry-leading security researchers and engineers. This high-visibility role reports to the Sr. Director of Product Security Engineering and offers the opportunity to define the future of enterprise AI security.
If you're equally comfortable debating threat models with security researchers and roadmap priorities with VPs of Engineering—and you thrive in turning technical complexity into elegant product solutions—we want to hear from you.
#SecurityJobs
Additional Information
Work Personas
We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.
Equal Opportunity Employer
ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.
Accommodations
We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance.
Export Control Regulations
For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.
From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.