Description
- SIR Plugin Installation & Activation
Activate SIR plugins to ensure that all modules, tables, forms, notifications, and dashboards are installed as part of the base application, including:
- Security Incident Response
- Security Integration Framework
- Security Operations Spoke
- Security Incident Analytics
- Security Incident Response Support
- Security Operations SIEM Integration
- Security Support Common
- Security Support Core
- Security Support Orchestration
- Trusted Security Circles Client
- Security Incident Analysis
- Major Security Incident Management Installation & Activation
The ServiceNow Major Security Incident Management application is installed on the platform to support the security team’s processes for responding to significant security incidents.
- MSI Configuration Settings
Example configurations include adjustments to major security incident management settings such as:
- Security analysts' actions (Propose major security incident, promote major security incident, link to major security incident)
- Tagging (Tag Name - Propose as a candidate, Tag Name - Promotion to major security incident)
- Notifications (Notification for proposing a major security incident, notification for promoting a major security incident)
- Automated Closure Actions (e.g., Archive Collaboration Channels, Remove Collaboration Folder Access)
- Performance Analytics for SIR Installation & Activation
Activate all Performance Analytics plugins for Security Incident Response, including:
- Performance Analytics Premium for Security Incident Response
- Performance Analytics for Security Incident Response
- Security Incident Analytics
- Installation & Configuration of Security Analyst Workspace
- Manage security incidents in the Security Analyst Workspace UI, using the playbook and its associated tabs for more efficient incident response. Adjust the displayed fields as needed.
- Assignment Groups, Roles, Personas & Types
- Create organizational groups and assign specific roles to manage access to Security Operations applications. Key personas include: Security Incident Admin, Security Manager, Security Incident Analyst, Security Basic, Read-only, CISO, Integration User, Knowledge Admin, MSI Admin, MSI Manager, and MSI Responder.
- Security Incident Form - Close Codes
- Include a Close Codes field within the Closure Information tab on the Security Incident form once the incident reaches the Review state, capturing the reason for closure.
- Security Incident Categories & Subcategories
- Assign a category and subcategory while handling a security incident in any active state to organize incidents and guide workflow.
- Security Incident Form - Mandatory Fields
- Make certain fields mandatory based on conditions (for example, while a security incident is in an active state) so that no critical data is missed before the incident moves on.
- Security Incident Assignment Rules
- Assign security incidents to specific groups upon creation based on certain details and conditions to route them to the appropriate assignment group.
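The routing logic described above, as an added illustration that is not ServiceNow code and not part of the original posting: an ordered rule set is evaluated against the fields of a newly created incident, the first rule whose conditions all match assigns the group, and a default group catches everything else. The rule set, group names and sample incidents are constructed for the example.

```javascript
// Added illustration of ordered, condition-based assignment routing; not ServiceNow code.
// Rules are evaluated in ascending order; the first rule whose conditions all match wins.

// Each condition is [field, operator, value]. Operators are a small explicit set so a
// rule record can never execute arbitrary code.
const OPERATORS = {
  "=": (a, b) => a === b,
  "!=": (a, b) => a !== b,
  "<=": (a, b) => Number(a) <= Number(b), // lower number = higher priority
  "in": (a, b) => b.includes(a),
  "contains": (a, b) => String(a || "").toLowerCase().includes(String(b).toLowerCase()),
};

// Constructed rule set; group names are hypothetical.
const ASSIGNMENT_RULES = [
  { order: 100, name: "Phishing to mail team", group: "SecOps - Email",
    conditions: [["category", "=", "Phishing"]] },
  { order: 200, name: "High-priority malware", group: "SecOps - Tier 2",
    conditions: [["category", "=", "Malware"], ["priority", "<=", 2]] },
  { order: 300, name: "SIEM-sourced", group: "SecOps - Tier 1",
    conditions: [["source", "in", ["SIEM", "IDS"]]] },
];
const DEFAULT_GROUP = "SecOps - Triage";

function conditionMatches(record, [field, op, value]) {
  const fn = OPERATORS[op];
  if (!fn) throw new Error("unknown operator: " + op);
  return fn(record[field], value);
}

function evaluateRule(record, rule) {
  return rule.conditions.every((c) => conditionMatches(record, c));
}

// Returns the assignment group and the rule that selected it (null when defaulted).
function routeIncident(record, rules = ASSIGNMENT_RULES) {
  const ordered = [...rules].sort((a, b) => a.order - b.order);
  for (const rule of ordered) {
    if (evaluateRule(record, rule)) return { group: rule.group, rule: rule.name };
  }
  return { group: DEFAULT_GROUP, rule: null };
}

// Constructed sample incidents (not real records).
const SAMPLE_INCIDENTS = [
  { number: "SIR0010001", category: "Phishing", priority: 3, source: "User report" },
  { number: "SIR0010002", category: "Malware", priority: 1, source: "SIEM" },
  { number: "SIR0010003", category: "Malware", priority: 4, source: "SIEM" },
  { number: "SIR0010004", category: "Policy violation", priority: 4, source: "User report" },
];

function routeAll(incidents) {
  return incidents.map((i) => ({ number: i.number, ...routeIncident(i) }));
}

console.log(routeAll(SAMPLE_INCIDENTS));
```

The point of the ordered evaluation is that rule 200 (high-priority malware) must sit before the broad SIEM-sourced rule, otherwise every SIEM-created malware incident would land in Tier 1 regardless of priority; keeping rule order explicit is what makes such routing reviewable.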
- Security Incident Form - Related Lists
- Display certain (to be determined) related lists at the bottom of the security incident form with read privileges, allowing for easy viewing and interaction with records related to the incident.
- Escalation Groups
- Facilitate escalation to a predefined escalation group using the "escalate" button on the Security Incident form when assigned to a primary group, streamlining escalation paths and transferring incidents efficiently.
- Security Incident Response Task Form
- Display specific fields on the response task form to capture data relevant to ongoing security incident response tasks.
- Integration: Creation of Security Incidents from SIEM (ACL)
- Update ACLs so that the SIEM integration user can write records to the import set (staging) table, from which a transform map creates security incidents; the grant should cover only that staging table, not the security incident table itself, so the integration account cannot modify incidents directly.
- Integration: Security Incident Observable Population from SIEM
- Ensure that security incidents created in ServiceNow from SIEM events have observables populated, making this data accessible within the security incident record.
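One way to populate observables from a SIEM event, as an added illustration that is not ServiceNow or SIEM vendor code and not part of the original posting: every string field of the event is scanned for hashes, URLs, IP addresses, e-mail addresses and domains, defanged indicators are restored first, matches are removed from the working text in priority order so nothing is double-counted, and filenames are kept from masquerading as domains. The observable type labels, the event field names and the event itself are constructed for the example.

```javascript
// Added illustration, not ServiceNow or SIEM vendor code: pull observables out of a
// SIEM event payload so they can be attached to the security incident record.
// The type labels ("ipv4", "sha256", ...) are hypothetical, not platform table values.

// Patterns are applied in this order, and each match is blanked out of the working
// text, so a hash is never re-read as a hostname and a URL's host is not reported twice.
const PATTERNS = [
  { type: "sha256", re: /\b[a-f0-9]{64}\b/gi },
  { type: "sha1",   re: /\b[a-f0-9]{40}\b/gi },
  { type: "md5",    re: /\b[a-f0-9]{32}\b/gi },
  { type: "url",    re: /\bhttps?:\/\/[^\s"'<>]+/gi },
  { type: "ipv4",   re: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g },
  { type: "email",  re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/gi },
  { type: "domain", re: /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi },
];

// Bare filenames look like domains to the regex; this heuristic list filters them out.
const FILE_EXT = new Set(["exe", "dll", "ps1", "bat", "txt", "log", "json", "js", "zip", "docx", "xlsx"]);

// Analysts and some SIEMs defang indicators; undo that before matching.
function refang(text) {
  return text
    .replace(/hxxp(s?):\/\//gi, "http$1://")
    .replace(/\[\.\]|\(\.\)|\{\.\}/g, ".")
    .replace(/\[at\]/gi, "@");
}

// Flatten every string value in a (possibly nested) event object.
function collectStrings(value, out = []) {
  if (typeof value === "string") out.push(value);
  else if (Array.isArray(value)) value.forEach((v) => collectStrings(v, out));
  else if (value && typeof value === "object") Object.values(value).forEach((v) => collectStrings(v, out));
  return out;
}

// RFC 1918 and loopback ranges; used to tag internal vs. external addresses.
function isPrivateIPv4(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Returns deduplicated observables as { type, value }; ipv4 entries also carry scope.
function extractObservables(event) {
  const seen = new Set();
  const found = [];
  const add = (type, raw) => {
    const value = type === "url" ? raw : raw.toLowerCase();
    const key = type + ":" + value;
    if (seen.has(key)) return;
    seen.add(key);
    const rec = { type, value };
    if (type === "ipv4") rec.scope = isPrivateIPv4(value) ? "internal" : "external";
    found.push(rec);
  };

  let text = refang(collectStrings(event).join("\n"));
  for (const { type, re } of PATTERNS) {
    text = text.replace(re, (m) => {
      if (type === "domain" && FILE_EXT.has(m.split(".").pop().toLowerCase())) return m;
      const clean = type === "url" ? m.replace(/[.,;)\]]+$/, "") : m; // drop trailing punctuation
      add(type, clean);
      if (type === "url") {
        try {
          const host = new URL(clean).hostname; // the host is an observable in its own right
          add(/^\d{1,3}(\.\d{1,3}){3}$/.test(host) ? "ipv4" : "domain", host);
        } catch (e) { /* malformed URL: keep the raw string observable only */ }
      }
      return " ";
    });
  }
  return found;
}

// Constructed SIEM event (not real data); the field names are a generic, assumed shape.
const SAMPLE_EVENT = {
  rule: "Suspicious outbound connection",
  severity: "high",
  src_ip: "10.20.30.40",
  dest_ip: "203.0.113.77",
  process: { name: "update.exe", sha256: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" },
  message: "Beacon to hxxp://evil-cdn[.]example[.]net/c2/poll.php by user jdoe[at]corp.example",
};

console.log(extractObservables(SAMPLE_EVENT));
```

The two checks worth keeping when adapting this to a transform map are the refang step (a defanged indicator that is stored verbatim will never match enrichment or blocklists) and the internal/external tag on addresses, which stops the incident's own source host from being treated as an attacker indicator.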
- SLA Workflow
Utilize the out-of-the-box (OOB) default SLA workflow for security incidents, ensuring that the assigned personnel receive notifications at 50% and 75% of the SLA duration, with the assigned manager notified of the SLA breach.
- Notifications
- Proposed as MSI: Email notification for major security incident proposals
- Promoted as MSI: Email notification for promotions to major security incidents
- Assigned to Group: Email notification when a security incident is assigned to my group
- Assigned to Me: Email notification when a security incident is assigned to me
- SI Commented: Email notification for comments on a security incident
- SIR Service Catalogue
- Define catalog items planned for use (there are OOB options).
- Trusted Security Circle Sharing Properties
- Define the sharing properties planned for use (there are OOB defaults) to ensure the application performs as expected.
- Observable Types
- Create new observables while managing a security incident, specifying observable types.
- Integrations (Snow Side)
- Build integration capabilities based on functionality rather than the destination; these capabilities will need to be defined.
- Integrations (3rd Party)
- To be determined by the third party.
Job Types: Full-time, Contract
Pay: Up to $88.00 per hour
Education:
* Bachelor's (Required)
Experience:
* SIR Plugin Installation & Activation: 8 years (Required)
* Security Incident Response: 8 years (Preferred)
* Security Integration Framework: 8 years (Required)
* Security Operations Spoke: 8 years (Required)
* Security Incident Analytics: 8 years (Required)
* Security Incident Response Support: 8 years (Required)
* Security Operations SIEM Integration: 8 years (Required)
* Security Support Common: 7 years (Required)
* Security Support Core: 8 years (Required)
* Security Support Orchestration: 8 years (Required)
* Security Incident Analysis: 8 years (Required)
* Security Incident Management application: 8 years (Required)
Ability to Commute:
* Ridgeland, MS 39157 (Required)
Work Location: In person