It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone—freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow— helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started.

Join us to put AI to work for people.

The ServiceNow Security Organization (SSO)

The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact 

ServiceNow’s Security Incident Command (SIC) team is seeking an experienced senior security incident commander to join our fast-growing team. This role will support the orchestration of incident response strategy and communications during critical information security-related incidents.   

About the SIC team  

The SIC team maintains and executes the Major Security Incidents (MSI) lifecycle within ServiceNow, including Preparation, Response, and Recovery. MSIs are our most challenging and impactful security incidents which pose active or heightened risk to the company and/or our customers.    

Key value areas are preparing the company for MSIs through tabletop exercises (TTX), coordination of activity between many response workstream partners, maintenance and development of playbooks and procedures, tracking key MSI metrics and facts to keep everyone oriented, and communicating status, milestones, blockers, and critical decisions needed to senior management and executive stakeholders, including the CISO.    

What you get to do in this role 

• Orchestration of response and remediation of incident response for highest criticality security events.  
• Take ownership and lead response to critical incidents within the company. 
• Establish and mature documentation surrounding protocols and procedures governing the security incident command team. 
• Prepare and deliver communications, including executive summaries and incident briefings, to key stakeholders during and after incident response.  
• Conduct rapid response, mitigation, and investigations on the highest priority cases impacting ServiceNow and user data.  
• Partner with the team members across multiple regions to drive response and investigations globally.  
• Organization and facilitation of scenario-based exercises to test and improve incident management and response strategies. 
• Maintenance of existing playbooks and procedures, as well as developing new ones, to further standardize SIC and its partners' responses when verifying MSIs. 
• Contribute to the organization and completion of Post-Incident Reviews (PIRs) and Root Cause Analyses (RCAs) following major security incidents. 
• Identify new ways to simplify, integrate, automate and refine the major security incident process to better support internal and external stakeholders. 

Qualifications  

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making or  problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights,  or exploring AI’s potential impact on the function or industry. 
• 12+ years of total cybersecurity professional experience or similar experience with education 
• 5–8+ years of deep domain expertise in incident response and/or incident management 
• Experience leading or supporting complex security incidents to resolution end-to-end.  
• Excellent verbal and written communication skills (English) 
• Comfort communicating complex topics in a clear and concise manner to different tiers of audiences (highly        technical, less technical, executives, practitioners) 
• Problem-solving and decision-making skills 
• Ability to quickly and accurately assess a situation, identify and prioritize risks, and make sound decision 
• Familiarity with cybersecurity principles and frameworks (e.g. MITRE ATT&CK).  
• Knowledge across multiple security domains is a plus.  
• Experience planning and/or orchestrating tabletop exercises is a plus. 

#SecurityJobs 

West Palm Beach Florida (WPB) is available to for Relocation.  Full relocation costs are provided by ServiceNow

For positions in this location, we offer a base pay of $165,500 - $289,600, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location.

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.