Job details

Senior Product Security Engineer- (US Remote Option)

  • Department: Information Security & Compliance
  • Location: United States - Remote

Security is core to Guidewire's strategy to be the leader in the insurance software industry. As a Senior Product Security Engineer, you will be part of InfoSec Product Security within the Product Development & Services organization and work with security colleagues to protect Guidewire's brand, reputation, and intellectual property. You'll collaborate with product security champions and technology partner teams in an agile environment to secure products and applications across Guidewire’s fast-growing customer-facing cloud environments and the global IT enterprise infrastructure.

This will include driving effective integration and compliance of security controls into the product development and implementation lifecycle. You'll also collaborate with Guidewire remediation treatment owners to provide guidance, effective practices, and technical assistance in resolving security issues.

Key Responsibilities

  • Continuously develop, maintain, and mature Secure Development Lifecycle Program at Guidewire
  • Educate business on Secure Development Life Cycle frameworks
  • Perform Threat Modeling in design phase and frequently review to identify and eliminate security issues in design or architecture
  • Facilitate compliance for: Static Application Security Testing and Opensource Security Analysis (development phase); Dynamic Application Security Testing (testing phase); and Penetration Test (prior to Release/Go Live)
  • Contribute technical guidance in prioritizing security incidents, addressing security issues, remediation, and containing vulnerability disclosures
  • Develop comprehensive, accurate reports and presentations for both technical and executive audiences
  • Ensure knowledge creation around common vulnerabilities within Guidewire landscape and corresponding remediation practices
  • Research the latest security leading practices and technologies, keep abreast of new threats and vulnerabilities, and help disseminate information within the groups at Guidewire
  • Own and handle Secure SDLC tools, related automation, and innovation

Skills and Experience

  • 7-10 years of strong background in software development, architecture, and project management for industry leaders preferred
  • Experience integrating application security into the SDLC, remediating vulnerabilities, and developing and providing security training
  • Experience in threat modeling, static and dynamic application security testing, open-source security testing, developer security training/workshops, etc.
  • Deep knowledge and understanding in various specialty areas such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
  • Experience with cloud service providers and their offerings, preferably AWS
  • Strong understanding of vulnerabilities and common attack vectors
  • Excellent written, verbal, and presentation skills
  • Strong teamwork skills and demonstrated resourcefulness
  • Preferred Certifications: CISSP, CSSLP, AWS Solutions Architect, or equivalent

#LI-Remote

About Guidewire

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently.

Guidewire combines core, data, digital, analytics, and AI to deliver our platform as a cloud service. 380 insurers, including the largest and most complex in the world, run on Guidewire.

As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 700+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.

Guidewire Software, Inc. is proud to be an equal opportunity and affirmative action employer. We are committed to an inclusive workplace, and believe that a diversity of perspectives, abilities, and cultures is a key to our success. Qualified applicants will receive consideration without regard to race, color, ancestry, religion, sex, national origin, citizenship, marital status, age, sexual orientation, gender identity, gender expression, veteran status, or disability. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.

Disability Accommodations and Guidewire’s Appeals Process. Guidewire provides accommodations to the hiring process to create a fair opportunity for candidates with disabilities to contend for open positions. Accommodation requests should be directed to (650) 356-4940 or Accommodations@guidewire.com. If things do not go as hoped, we invite you to use our appeals process. Guidewire promises to independently review any denied accommodation and any decision not to offer you the position. The appeals process is the same in either case. Within five business days of receiving a notice of denial of an accommodation, or receiving a notice of your non-selection for a vacancy, call (650) 356-4940 or e-mail Accommodations@guidewire.com to make an appeal. Guidewire will assign a new decision-maker to review the request and/or hiring decision, who will then notify you in writing of a decision within 10 business days.

Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.