Adventure's around the corner...
Senior/Product Security Engineer
- Department Information Security & Compliance
- Location India - Bangalore
- Security reviews for new products, technologies, features, and services
- Secure design, architecture, and implementation
- Secure development life cycle (SDLC) practices including threat modeling and security testing. Support and consult with product and development teams in the area of application security, including threat modeling and application security reviews
- Perform security-focused code reviews
- Influence decision-makers and stakeholders to achieve a consistently high security bar
- Create security guidance and documentation
- Develop security tooling and automation
- Develop and deliver security training and outreach to internal development teams
- Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
- Support the bug bounty program.
- Support the preparation of security releases.
- Assist in development of security processes and automated tooling that prevent classes of security issues.
- Validate findings from security scanning tools and ideate data-driven enhancement strategies for dynamic (DAST), static (SAST), open-source application security testing (SCA) and container security scanning including troubleshooting, and continuous process improvement
- Test replicate and validate security vulnerabilities in applications
- Propose product feature enhancements to enhance security of our applications
- Support for mentoring, team building and recruiting activities
- Experience partnering with development and systems engineers on impactful security initiatives.
- Experience identifying security issues through code review.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Familiarity with some common security libraries and tools (e.g. static analysis tools, dynamical analysis tools; proxying / penetration testing tools).
- Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
- Experience with tools like Burp Suite, OWASP Zap, SAST, DAST, and SCA tools as well as other various commercial offerings for application security testing and analysis.
- Extensive understanding of common security vulnerabilities such as the OWASP Top 10: SQLi, XSS, CSRF, etc.
- Experience in integrating security solutions into CI/CD pipelines and automating tooling orchestration.
- Experience with AWS architecture
- Knowledge of Java is required
- Development or scripting experience and skills. Python and/or Go are preferred.
- Well versed in web application design, penetration testing, application risk assessment and risk categorization
- BS in Computer Science or related field
- Industry related certifications are preferred (E.g. CSSLP, CISSP, GIAC, Burp, OSCP, etc.)
- Minimum of 5 years of experience with any of the following:
- threat modeling
- secure coding
- identity management and authentication
- penetration testing
- network security
- Must be detail-oriented, self-organized, committed to quality and be capable of tracking multiple issues simultaneously
- Thrive on a high level of autonomy and responsibility
- Able to work in Agile/Scrum/Kanban methodologies
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 450 insurers, from new ventures to the largest and most complex in the world, run on Guidewire.
The perks. The rewards. The good stuff.
We’re proud to boast about our awesome benefits packages. Holistic wellness is a big deal for us. We offer everything you need to support your work and, most importantly, your work-life balance. We’re committed to helping you be the best version of yourself. Inside and outside of work.
Receive market-competitive pay and incentive programs—because you deserve it! To help future-proof your income, we offer generous support through retirement savings plans.
HEALTH AND WELLNESS
Keep your physical and emotional health in tip-top shape with health insurance for you and your family, an employee assistance program, annual wellness reimbursement, and access to wellness resources.
Work in an environment where you’ll have the freedom and trust to make an impact, with time for your life outside of work.
Relax and kick back through our generous paid time-off programs. Make a difference in your community with three volunteer days each year. Take your own personal day of rest with My Day. We also offer ample paid leave for all new parents.
We encourage self-directed learning, giving you every chance to become a better version of yourself, both professionally and personally. At Guidewire, lifelong learning is here for the taking.
Your career opportunities are only limited by your own imagination. Guidewire’s community is filled with chances to expand your horizons across any of our teams or worldwide locations.