Adventure's around the corner...

Principal Security Engineer

  • DepartmentInformation Security
  • LocationIndia - Bangalore
  • Location TypeHybrid
Come and join our Guidewire PSIRT (Product Security Incident Response Team) and be a part
of a high-powered and high-performing team that regularly works across the entire organization,
with everyone from product teams to executives. Urgent escalations from enterprise customers,
investigating reported vulnerabilities, performing root cause analysis and working with security
researchers.

Guidewire PSIRT (Product Security Incident Response Team) is responsible for:

  • Guidewire product vulnerability management process for all Guidewire applications.
  • Coordination of customer/external product security incidents and reported security issues affecting various Guidewire products and applications.
  • Working cross-functionally with all business units, sustaining engineers, product security team members, customer support, legal and external security researchers to ensure timely resolution of security incidents and events.
  • Development, maintenance and continuous improvement of the product security incident monitoring, detection and response tools and process, including all required supporting materials.
  • Pen testing Guidewire applications to ensure timely discovery of the vulnerabilities.
  • Security Review and Code Review of Guidewire applications

We are looking for a new team member who will be responsible to perform following activities (but not limited to):

  • Lead and own PSIRT Process - triage security related issues (external / internal), verify those on different versions, products.
  • Perform root cause analysis to ensure validity of reported issues.
  • Triage code defect based issues, quantitatively evaluate risk and provide guidance to engineering teams regarding the impact of security issues using industry standard metrics such as CVSS.
  • Work closely with project management, product management, engineering and sustaining teams to drive issues to closure.
  • Cultivate strong working relationships with external researchers, reporting organizations and customers to ensure effective collaboration. Work with customer facing and internal teams to continually improve processes used to identify and fix product security issues
  • Enhance existing product security incident response program
  • Coordinate with internal product development teams in accomplishing regular security reviews and penetration testing assessments.
  • Execute the penetration tests internally to identify security vulnerabilities.
  • Perform security-focused code reviews
  • Support the preparation of security releases.
  • Create security guidance and documentation
  • Develop security tooling and automation
  • Develop and deliver security training and outreach to internal development teams
  • Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
  • Validate findings from security scanning tools and ideate data-driven enhancement strategies for dynamic (DAST), static (SAST), open-source application security testing (SCA) and container security scanning including troubleshooting, and continuous process improvement
  • Influence decision-makers and stakeholders to achieve a consistently high security bar
  • Support for mentoring, team building and recruiting activities

Requirements:

  • Bachelor's/master’s in computer science or equivalent
  • Industry related certifications are preferred (E.g. CSSLP, CISSP, GIAC, OSCP, etc.)
  • Minimum 12-14 years of relevant Application Security Experience
  • At least 3-5 years of experience with PSIRT functions
  • At least 4 years of managing security team
  • Solid understanding of OWASP Top 10, common classes of product security vulnerabilities and attack/defense methodologies.
  • Strong written and verbal communications skills
  • Proven ability to build relationships and influence individuals at all levels, as well as external security researchers, vendors and service providers
  • Experience with various application security tools - Static code analysis, dynamic code analysis, vulnerability scanning, pen testing
  • Ability to track and lead numerous parallel activities
  • AWS/Cloud Experience a strong plus
  • Bug bounty program participation a plus
  • Knowledge of the security research community is a strong plus
  • Scripting skills (i.e. Python/Perl/Ruby, shell scripting) or development experience (Java/C++/Python) is a significant plus!

About Guidewire

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 540+ insurers in 40 countries, from new ventures to the largest and most complex in the world, run on Guidewire.


As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 1600+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our Marketplace provides hundreds of applications that accelerate integration, localization, and innovation.

For more information, please visit www.guidewire.com and follow us on Twitter: @Guidewire_PandC.

Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. 
Talent rewards

The perks. The rewards. The good stuff.

We’re proud to shout about our awesome benefits packages. Holistic wellness is a big deal for us. We offer everything you need to support your work and, most importantly, your work-life balance. We’re committed to helping you be the best version of yourself. Inside and outside of work.

FINANCIAL

FINANCIAL

Receive market-competitive pay and incentive programs—because you deserve it! To help future-proof your income, we offer generous support through retirement savings plans.

HEALTH AND WELLNESS

HEALTH AND WELLNESS

Keep your physical and emotional health in tip-top shape with health insurance for you and your family, an employee assistance program, annual wellness reimbursement, and access to wellness resources.

FLEXIBLE WORKING

FLEXIBLE WORKING

Work in an environment where you’ll have the freedom and trust to make an impact, with time for your life outside of work.

DOWNTIME

DOWNTIME

Relax and kick back through our generous paid time-off programs. Make a difference in your community with three volunteer days each year. Take your own personal day of rest with My Day. We also offer ample paid leave for all new parents.

CONTINUAL DEVELOPMENT

CONTINUAL DEVELOPMENT

We encourage self-directed learning, giving you every chance to become a better version of yourself, both professionally and personally. At Guidewire, lifelong learning is here for the taking.

CAREER MOBILITY

CAREER MOBILITY

Your career opportunities are only limited by your own imagination. Guidewire’s community is filled with chances to expand your horizons across any of our teams or worldwide‌‌‌‌‌‌‌ locations.