Karan Khanna

Staff Software Engineer @ ServiceNow | Distributed Systems | Application Security | AI Engineering | DevSecOps | Cloud Security | Ex NatWest Group | NIT Allahabad

Bengaluru, Karnataka, India

About

I build secure, scalable software platforms that solve complex engineering challenges at enterprise scale. Over the past 10+ years, I've worked across backend engineering, distributed systems, application security, and cloud-native platform development, delivering products used by Fortune 500 organizations. My focus is on designing resilient systems that improve performance, scale efficiently, and simplify complex engineering workflows. Currently, as a Staff Software Engineer at ServiceNow, I lead the design and delivery of high-impact platform capabilities spanning Software Bill of Materials (SBOM), application security, cloud security, and AI-powered engineering solutions. One of my recent initiatives transformed a sequential SBOM processing pipeline into a highly scalable parallel processing architecture, improving processing throughput by 3–4x while maintaining reliability and quality through specification-driven development. Throughout my career, I've enjoyed working at the intersection of architecture and execution—translating complex technical problems into practical, scalable solutions. Beyond building software, I actively mentor engineers, drive architectural decisions, collaborate across product and platform teams, and help shape engineering best practices that improve long-term maintainability and developer productivity. Before ServiceNow, I worked at NatWest Group, building enterprise banking solutions where reliability, security, and performance were fundamental to every design decision. I enjoy working on challenging problems involving distributed systems, platform engineering, AI engineering, application security, cloud security, and large-scale backend architectures. I'm particularly interested in building intelligent developer platforms and secure, cloud-native systems that can operate reliably at global scale. Core Expertise: Distributed Systems • Platform Engineering • Application Security • AI Engineering • Cloud Security • DevSecOps • Java • Microservices • Spring Boot • REST APIs • Distributed Processing • System Design • Performance Engineering • Kubernetes • Docker • CI/CD • Software Architecture • SBOM • Secure Software Supply Chain

Experience

  • ServiceNow (Full-time · 7 yrs 4 mos)
    • Staff Software Engineer
      Dec 2025 - Present · 8 mos

      Building enterprise-scale Application Security, Cloud Security, and AI-powered security platforms used by Fortune 500 organizations. What I Do • Define technical strategy and platform architecture across Application Security, Cloud Security, DevSecOps, and Software Supply Chain Security (SBOM). • Design scalable, resilient distributed systems that enable enterprise customers to manage vulnerabilities and software supply chain risk at scale. • Drive engineering excellence through architecture reviews, technical mentorship, and cross-team collaboration. Key Achievements ✔ Re-architected the SBOM processing pipeline from sequential execution to a highly scalable parallel processing architecture, improving processing throughput by 3–4× while maintaining reliability through specification-driven development. ✔ Led the architecture and delivery of security platform capabilities spanning Application Security, Cloud Security, DevSecOps, and Software Supply Chain Security. ✔ Advanced AI-powered vulnerability management by contributing to intelligent remediation workflows and next-generation security automation initiatives. ✔ Expanded the security ecosystem through partner integrations and certifications with Apiiro, Qualys, Akamai, Checkmarx, Mend, Snyk, and other leading security platforms. ✔ Designed scalable platform services that support enterprise-grade performance, extensibility, and long-term maintainability. Technical Leadership • Mentor engineers through design reviews, architectural guidance, and technical coaching. • Drive system design discussions and engineering best practices across multiple teams. • Champion scalable architecture, high engineering standards, and long-term platform evolution. Core Technologies Java • Distributed Systems • REST APIs • Application Security • Cloud Security • DevSecOps • AI Engineering • SBOM • Secure Software Supply Chain • System Design • Performance Engineering • CI/CD

    • Senior Software Engineer
      Mar 2022 - Dec 2025 · 3 yrs 10 mos

      Led the design and delivery of enterprise Application Security capabilities, driving scalable integrations, security intelligence, and platform architecture that laid the foundation for next-generation Security Operations. What I Did • Partnered with Product Management to translate customer requirements and long-term product vision into extensible platform capabilities. • Collaborated directly with strategic enterprise customers to solve complex security challenges and improve vulnerability management workflows. • Served as the technical lead for multi-source security integrations, ensuring scalable ingestion, normalization, correlation, and remediation of application vulnerabilities. Key Achievements ✔ Architected in-house integrations that significantly expanded Application Security coverage across multiple Static, Dynamic, Software Composition Analysis (SCA), and API Security solutions. ✔ Designed and delivered SBOM and Open Source Vulnerability Management capabilities, strengthening software supply chain security and vulnerability visibility. ✔ Implemented machine learning–driven remediation intelligence and automated exception management workflows to improve remediation efficiency. ✔ Contributed to early GenAI research initiatives focused on vulnerability management, security automation, and penetration testing innovation. Technical Leadership • Mentored engineers through technical coaching, code reviews, and system design guidance. • Collaborated across Engineering, Product Management, UX, and Customer Success teams to deliver enterprise-scale security capabilities. Core Technologies Java • Distributed Systems • REST APIs • Application Security • Vulnerability Management • DevSecOps • SBOM • Software Supply Chain Security • Machine Learning • GenAI • System Design • Security Integrations • CSDM • CI/CD

    • Application Developer
      Apr 2019 - Mar 2022 · 3 yrs

      Built core platform capabilities for ServiceNow Vulnerability Response, delivering intelligent automation, application security integrations, and scalable workflows that expanded the product from infrastructure vulnerability management into enterprise Application Security. What I Did • Designed and developed scalable backend capabilities across vulnerability ingestion, correlation, remediation, and exception management. • Contributed to the evolution of Vulnerability Response by introducing intelligent automation and data-driven security workflows. Key Achievements ✔ Designed and delivered automated vulnerability triage workflows, enabling multi-source vulnerability ingestion and significantly reducing manual remediation effort. ✔ Developed AI/ML-powered assignment group prediction capabilities, improving automated ownership resolution and accelerating vulnerability remediation. ✔ Built scalable integrations with leading Application Security Testing (AST) platforms, enabling customers to manage application and infrastructure vulnerabilities through a unified control plane. ✔ Designed and implemented automated exception management workflows, streamlining governance, approvals, and security policy enforcement. Technical Growth • Took ownership of end-to-end feature delivery, from technical design through production deployment. • Developed expertise in enterprise security platforms, distributed backend systems, and large-scale product development. • Built a strong foundation in Application Security, Vulnerability Management, system design, and scalable backend engineering that paved the way for broader architectural responsibilities. Core Technologies Java • Spring Boot • REST APIs • Vulnerability Management • Application Security • AI/ML • Distributed Systems • Software Architecture • Secure Software Development • CI/CD • SQL • Git

  • Software Engineer at NatWest Group
    Jul 2016 - Apr 2019 · 2 yrs 10 mos

    Contributed to large-scale digital banking and regulatory technology platforms, delivering performance optimizations, automation initiatives, and enterprise-grade Java solutions across Digital and Risk & Finance domains. Digital Engineering Services (PBB Digital) • Introduced engineering best practices that improved product definition, release governance, and application customization aligned to user requirements • Analyzed and optimized a high-volume customer messaging system (Java-based), designing a solution that increased email delivery throughput by 3x and improved system scalability under peak load Risk & Finance Solutions • Automated regulatory reporting workflows for deposits and derivatives, eliminating ~600+ manual hours per quarter and improving reporting accuracy and compliance readiness • Developed robust Java-based automation for RBS sub-ledger extract processing, embedding complex Oracle SQL-driven business logic into scalable backend workflows • Participated in feasibility analysis, requirement engineering, and client engagements to design efficient solutions for regulatory and change-driven initiatives • Recognized by stakeholders for consistent on-time delivery and operational reliability Leadership & Organizational Impact Served as Employee-Led Network (ELN) Chair – Multi-Generations Workstream under Diversity & Inclusion, leading organization-wide engagement initiatives to improve cross-generational collaboration, inclusivity, and workplace culture.

  • Internship at NatWest Group
    Jun 2015 - Jul 2015 · 2 mos

    As a CIB Intern. Part of the Finance Technology team. Role: - Performed a successful POC on the migration of the existing GWT framework to an HTML5 framework for the concerned team as a part of the Regulatory Changes. - Developed the sample screens for the Endor Team in HTML5 framework which suggested an easy transformation. - Had good technical level exposure to languages like Java, Javascript, GWT framework and HTML5 framework comprising of HTML, CSS, Angular JS, JSON and Oracle DB.

  • Summer Intern at RightWave
    May 2014 - Jul 2014 · 3 mos

    As Intern, - Successful development and deployment of a software pertaining to Human Resource Management. - It was deployed on the Apache Tomcat server to maintain tasks related to the Human Resourcing and the timestamp entry of the staff. - Exposure to the digital marketing world.