Job details

Senior Product Security Engineer (US Remote Option)

  • Department: Information Security & Compliance
  • Location: San Mateo, CA, USA
  • Country: USA

This role is responsible for collaborating with security and technology partner teams to secure products and applications across Guidewire’s fast-growing customer-facing cloud-based environments and the global IT enterprise infrastructure. Security is a critical part of Guidewire, and you would be working with a team of security professionals helping to protect our brand, reputation, and intellectual property.

As a Senior Product Security Engineer, you will report into the InfoSec Product Security function and will be deeply embedded within our Product Development & Services organization.

You will be responsible for driving effective integration and compliance of security controls into the product development and implementation lifecycle.

Collaborating with Guidewire remediation treatment owners to provide guidance, best practices and technical assistance in addressing security issues will also be part of your responsibilities.

Key responsibilities (can include, but are not limited to):

  • Work to continuously develop, maintain and mature the Secure Development Lifecycle Program at Guidewire
  • Be a resourceful part of the talented team responsible for seamless integration of security controls into the Guidewire Software Development Lifecycle. This includes working closely with product security champions in an agile environment on the following:
      • Educate the business on Secure Development Life Cycle frameworks
      • Perform threat modeling in the design phase and review frequently to identify and eliminate security issues in design or architecture
      • Facilitate compliance for Static Application Security Testing and open-source security analysis during the development phase
      • Facilitate compliance for Dynamic Application Security Testing during the testing phase
      • Facilitate compliance on penetration testing prior to release/go-live
  • Provide technical guidance in triaging and addressing security issues and in tracking remediation
  • Contribute to triaging and containing product security incidents or vulnerability disclosures at Guidewire
  • Develop comprehensive, accurate reports and presentations for both technical and executive audiences
  • Ensure knowledge creation around common vulnerabilities within the Guidewire landscape and corresponding remediation practices
  • Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at Guidewire
  • Own and manage Secure SDLC tools, related automation and innovation

Skills and Experience:

  • Preferred: 7-10 years of strong background in software development, architecture, and project management for industry leaders (experienced in integrating application security into the SDLC, remediating vulnerabilities, and developing and providing security training)
  • Experience in threat modeling, static and dynamic application security testing, open-source security testing, developer security training/workshops, etc.
  • Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
  • Experience with cloud service providers and their offerings, preferably AWS
  • Strong understanding of vulnerabilities and common attack vectors
  • Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
  • Preferred certifications: CISSP, CSSLP, AWS Solutions Architect, or equivalent

About Guidewire

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently.

Guidewire combines core, data, digital, analytics, and AI to deliver our platform as a cloud service. 380 insurers, including the largest and most complex in the world, run on Guidewire.

As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 700+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.

Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.
