ServiceNow SecOps Engineer: Automation & Incident Orchestration in City of Westminster

A ServiceNow SecOps Engineer designs, implements, and optimizes security operations workflows within the ServiceNow platform. The role bridges security tooling and IT service management, enabling efficient incident response, vulnerability remediation, and threat intelligence handling through automation and orchestration. Working closely with SOC teams, this engineer ensures security events are actionable, traceable, and continuously improved.

Key Responsibilities

• Incident Response
  • Configure and manage ServiceNow Security Incident Response (SIR) module
  • Integrate SIEM tools (e.g., Splunk) for real-time alert ingestion
  • Develop automated playbooks for triage, containment, and escalation
  • Collaborate with SOC analysts to streamline response workflows
  • Ensure proper documentation, tracking, and reporting of incidents
• Vulnerability Management
  • Implement and maintain ServiceNow Vulnerability Response (VR)
  • Integrate vulnerability scanners (e.g., Tenable, Qualys)
  • Prioritize vulnerabilities using risk-based scoring models
  • Automate remediation workflows and track SLA compliance
  • Provide dashboards and reporting for security posture visibility
• Threat Intelligence
  • Configure ServiceNow Threat Intelligence (TI) module
  • Ingest and normalize threat feeds from external sources
  • Correlate threat intelligence with incidents and vulnerabilities
  • Support proactive threat hunting initiatives
  • Maintain indicators of compromise (IOCs) and threat libraries
• Security Orchestration & Automation
  • Design and implement workflows using ServiceNow Flow Designer and IntegrationHub
  • Integrate endpoint security tools (e.g., CrowdStrike) and other security platforms
  • Build orchestration playbooks to reduce manual intervention
  • Continuously improve automation efficiency and coverage
  • Ensure secure and scalable API integrations across systems

Required Skills & Experience

• Strong experience with ServiceNow SecOps modules (SIR, VR, TI)
• Hands-on integration experience with tools such as Splunk, CrowdStrike, Qualys, or Tenable
• Knowledge of security frameworks (e.g., NIST, ISO 27001)
• Experience with REST APIs, scripting (JavaScript), and automation tools
• Solid understanding of SOC operations and incident lifecycle
• Familiarity with cloud and endpoint security concepts

Preferred Qualifications

• ServiceNow Certified Implementation Specialist - Security Operations
• Experience with SOAR platforms and automation design
• Knowledge of threat intelligence frameworks (e.g., MITRE ATT&CK)
• Background in cybersecurity operations or engineering roles

LA International is an award-winning partner of choice for many of the world's most influential companies and government organisations. Holding Enhanced Government Security Accreditation, we are recognised as the European market leader in the delivery of Security Cleared talent to organisations that demand the very highest levels of security, compliance and assurance.

A multiple award-winning organisation, having secured the prestigious Queens Award for Enterprise: International Trade over consecutive years. We are committed to fostering an inclusive, equitable and accessible workplace where everyone feels valued and supported. We welcome applications from all individuals, regardless of background or identity, and we encourage candidates who may not meet every listed requirement to still apply. If you require any adjustments or support during the recruitment process, please let us know and we will work with you to ensure a fair and accessible experience.

Please Note: If a high volume of applications is received, only candidates shortlisted will be contacted.