Security Incident Handling & Vulnerability Management ServiceNow

Company Description

Arηs Group, Part of Accenture, specializes in the management of complex public sector IT projects, including systems integration, informatics and analytics, solution implementation and program management. Our team helps lead clients through digital and information systems design, bringing expertise in a variety of areas ranging from software development, data science and security management to machine learning, cloud, and mobile development. Arηs Group was acquired by Accenture in July 2024.

Job Description

• Assess the existing ServiceNow SecOps implementation and its integration within the broader ITSM environment.
• Configure and optimize the ServiceNow Security Incident Response (SIR) and Vulnerability Response (VR) modules to enable automated triage, prioritization, and remediation workflows.
• Develop and formalize security incident handling and vulnerability response processes in alignment with recognized industry standards (e.g., NIST 800-61, ISO/IEC 27035, CIS Controls).
• Integrate external data sources such as vulnerability scanners (e.g. Qualys, Tenable), threat intelligence platforms, and SIEM systems (e.g. Splunk).
• Design and implement performance metrics, dashboards, and reports to monitor Service Level Objectives (SLOs), Mean Time to Respond (MTTR), and remediation compliance.
• Provide documentation, governance recommendations, and knowledge transfer to ensure sustainable operational capability.

Qualifications

• Bachelor's degree plus 9 years of relevant experience.
• Working knowledge of English (B2 or higher)
• Minimum of 5 years of proven hands-on experience with ServiceNow Security Operations modules, specifically SIR and VR.
• Minimum of 5 years of experience in implementing automated remediation workflows through IntegrationHub, Flow Designer, or custom scripting
• Excellent knowledge of ServiceNow Security Operations modules, specifically SIR and VR.
• Excellent knowledge on ServiceNow platform build skills (Workflow Studio/Flow Designer, data modelling, integrations):

1. Proficiency with Flow Designer and subflows in Workflow Studio for automating triage, enrichment, tasking, and handoffs across SecOps and ITSM.

2. Modelling data and relationships used by SIR and VR (incidents, indicators, affected CIs, vulnerable items, groups, exception records) to support automation, reporting, and Performance Analytics.

• Integration design using out of the box connectors and custom actions for email, ticketing, collaboration, and security tools, including scanner and threat intel feeds.
• Understanding of ServiceNow CMDB and its role in correlation of vulnerabilities and security incidents.
• Mandatory Certification: ServiceNow System Administrator and/or ServiceNow Security Operations Certified Implementation Specialist

Desirable:

• Minimum of 5 years of experience with coordinating with Security Operations Centers (SOC), IT service management, and compliance teams to ensure procedural consistency.
• Advanced skills in platform configuration, customization, update set management, and data model design.
• Familiarity with DevOps practices, change control, and scoped application governance within ServiceNow.
• Demonstrated ability to design and document incident response and vulnerability management processes aligned with enterprise policies and international frameworks.
• Expertise in developing operational playbooks that integrate with ServiceNow workflows.
• Knowledge of risk classification models, impact assessment, and incident escalation protocols.