Job details

Principal Cloud Security Architect, Container Security - San Mateo, CA/ Remote USA

  • Department: Product Development
  • Location: United States - Remote

Are you passionate about building and securing large scale multi-tenant cloud platforms that can run multiple types of workloads?

Do you have prior experience securing platforms built on popular tech stacks like Kubernetes to provide SaaS services for our business applications? Are you an expert in container security and network policies? Our workloads that run on the platform range from Java, Scala, and NodeJS to Golang. This team owns, builds and closely works with the teams that operate the Guidewire cloud platform and SaaS offerings. The Guidewire cloud platform is targeted to be best-in-class in enabling our insurance customers with mission-critical business capabilities and providing a secure, scalable and highly available system. You will work in a highly collaborative environment building next-generation platforms and services.

Required Skills

  • Hands-on experience with container security models and K8s
  • Design and develop security architectures for hybrid and multi-cloud based systems.
  • Excellent programming skills, preferably in Java, Scala, or any other OOP language.
  • Hands-on experience and in-depth knowledge of containers, data security, network security, control plane security and governance. Deep experience with security in cloud environments around GDPR, federated security models and secrets management
  • Understand practices like FIM, IPSec, SAST, DAST etc.
  • Expertise in crypto primitives, authentication protocols and authorization standards (e.g. SSL/TLS, SAML, OAuth, JWT, OPA)
  • Experience working with security systems (e.g. Kerberos, Knox, Sentry) and SIEM 
  • Expertise in Microservice security architecture (AuthN, AuthZ architecture and user/service interaction model) 
  • Prior experience of building and securing large scale distributed systems on AWS
  • Expertise in AWS infrastructure and concepts such as VPC, subnets, security groups, S3, RDS, EC2, Glacier, Lambda, IAM, security, encryption, DevOps, replication and disaster recovery 
  • Eager to learn new things and passionate about technology
  • Expertise working with Kubernetes, AWS, Docker, and Terraform
  • Prior experience handling multiple clusters and effectively managing multiple tenants in these clusters, providing good governance and isolation; able to explain the cloud security model to prospective clients

What you would do

  • Develop technology roadmap, architecture and implement security and compliance for Guidewire Cloud Platform.
  • Architect various security engineering aspects such as GDPR, SOX, PCI, etc. and translate them into engineering implementation.
  • Collaborate with Open Source communities, Engineering and Infosec and provide technical leadership to develop and maintain compliance.
  • Evangelize security best practices across the cloud infrastructure org and Guidewire
  • Create security metrics and work with the teams to achieve the same
  • Work with the Engineers on remediation strategies for security issues
  • Hands-on coding 
  • Own security architecture and provide technical leadership to multiple teams
  • Do test-driven unit and end-to-end testing of any code you develop.
  • Own Continuous Integration (CI) and Continuous Deployment (CD) for your services
  • Own scalability, availability and security for your services
  • Own, troubleshoot & resolve code defects
  • Mentor other developers in best practices

What you would need to succeed

  • Prior deep security experience and passion for building large scale multi-tenant cloud platforms
  • In-depth knowledge and experience in privacy engineering or security engineering
  • Emphasize team wins over individual success
  • Strong technical communication skills
  • Excellent software development skills in one or more of the following languages: Java/Scala
  • System design skills. Ability to design large scale distributed systems
  • Have developed in more than one language and ready to pivot to any language/framework
  • Understand REST APIs for data interchange. Understand API-driven system design, mutual TLS and OAuth
  • Understand microservices architecture patterns like Service Discovery, API Gateway, Domain-Driven Design, etc.
  • Understand serverless functions and their relevant use
  • Ability to work in an agile fast paced environment
  • BS or MS degree (Computer Science or Math)
  • Refer to the ‘Required Skills’ section for more details


  • Experience of building SaaS/PaaS on AWS/GCP/Azure.



About Guidewire

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently.

Guidewire combines core, data, digital, analytics, and AI to deliver our platform as a cloud service. 380 insurers, including the largest and most complex in the world, run on Guidewire.

As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 700+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.

Guidewire Software, Inc. is proud to be an equal opportunity and affirmative action employer. We are committed to an inclusive workplace, and believe that a diversity of perspectives, abilities, and cultures is a key to our success. Qualified applicants will receive consideration without regard to race, color, ancestry, religion, sex, national origin, citizenship, marital status, age, sexual orientation, gender identity, gender expression, veteran status, or disability. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.

Disability Accommodations and Guidewire’s Appeals Process. Guidewire provides accommodations to the hiring process to create a fair opportunity for candidates with disabilities to compete for open positions. Accommodation requests should be directed to (650) 356-4940 or If things do not go as hoped, we invite you to use our appeals process. Guidewire promises to independently review any denied accommodation and any decision not to offer you the position. The appeals process is the same in either case. Within five business days of receiving a notice of denial of an accommodation, or receiving a notice of your non-selection for a vacancy, call (650) 356-4940 or e-mail to make an appeal. Guidewire will assign a new decision-maker to review the request and/or hiring decision, who will then notify you in writing of a decision within 10 business days.

Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.