Lead Artificial Intelligence Cyber Security Engineer

• Establish and guide enterprise standards for the responsible use of AI in cybersecurity, including governance, risk management, and compliance considerations.
• Define and promote best practices for AI/ML model development, validation, deployment, and lifecycle management within security operations.
• Develop, enhance, configure, and support ServiceNow Security Operations workflows, applications, integrations, forms, scripts, and custom artifacts.
• Design, build, and maintain scalable automation solutions-including AI-enabled workflows-to improve threat detection, triage, and incident response efficiency.
• Leverage Python programming and data science techniques to develop, operationalize, and optimize machine learning models and data-driven security use cases.
• Develop and implement advanced data correlation, enrichment, and processing strategies leveraging automation, data science, AI/ML, and LLM capabilities for threat hunting and incident response analysis.
• Apply AI engineering principles within security operations to design, deploy, and maintain intelligent detection and response capabilities.
• Design and execute automated and intelligent response actions to validate, contain, eradicate, and remediate security incidents.
• Architect, integrate, and operationalize AI and automation capabilities across security platforms and enterprise workflows.
• Prototype, evaluate, and deploy emerging AI-driven technologies to enhance detection accuracy, reduce false positives, and accelerate response times.
• Ensure Security Operations applications, automation pipelines, and incident ingestion processes remain healthy, resilient, and performant.
• Drive continuous improvement by identifying gaps, recommending enhancements, and implementing innovative SOAR and AI-driven solutions.
• Collaborate with incident response, threat intelligence, and threat hunting teams to strengthen detection and response capabilities.
• Act as a technical SME and leader in SOAR and AI-driven cybersecurity, providing mentorship, strategic guidance, and continuously advancing technical expertise.

• Experience should include a minimum of 6 years of programming experience with at least one modern language such as JavaScript or Python
• Experience with API development and integration.
• ServiceNow application and component development; Security Operations applications is preferred.
• Experience in modern software engineering practices and principles, including AI/ML/GenAI, Agile methodologies and DevSecOps

Licenses/Certifications:

• One or more of the following certifications highly preferred: ServiceNow CSA, ServiceNow CAD, ServiceNow CIS-SIR, ServiceNow CIS-VR, CISSP, SANS GCIH (Incident Handler), SANS GCIA (Intrusion Analyst), Offensive Security Certified Professional (OSCP)