Senior Product Security Engineer (US Remote Option)

San Mateo, CA

Guidewire Software

Posted 2 weeks ago

This role is responsible for collaborating with security and technology partner teams to secure products and applications across Guidewire’s fast-growing customer-facing cloud-based environments and the global IT enterprise infrastructure. Security is a critical part of Guidewire, and you would be working with a team of security professionals helping to protect our brand, reputation, and intellectual property. As a Senior Product Security Engineer, you will report into the InfoSec Product Security function and will be deeply embedded within our Product Development & Services organization. You will be responsible for driving effective integration and compliance of security controls into the product development and implementation lifecycle. Collaboration with Guidewire remediation treatment owners to provide guidance, best practices and technical assistance in addressing security issues will also be part of the responsibilities.

Key responsibilities (can include, but are not limited to):
Work to continuously develop, maintain and mature the Secure Development Lifecycle Program at Guidewire.
Be a resourceful part of the talented team responsible for seamless integration of security controls into the Guidewire Software Development Lifecycle. This includes working closely with product security champions in an agile environment on the following:
    Educate the business on Secure Development Life Cycle frameworks.
    Perform Threat Modeling in the design phase and review frequently to identify and eliminate security issues in design or architecture.
    Facilitate compliance for Static Application Security Testing & Open-source Security Analysis during the development phase.
    Facilitate compliance for Dynamic Application Security Testing during the testing phase.
    Facilitate compliance on Penetration Test prior to Release/GoLive.
Providing technical guidance in triaging, addressing security issues and tracking remediation will also be part of your responsibilities.
Contribute to Guidewire's triage and containment efforts for product security incident response or vulnerability disclosures.
Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
Ensure knowledge creation around common vulnerabilities within the Guidewire landscape and corresponding remediation practices.
Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at Guidewire.
Own and manage Secure SDLC tools, related automation and innovation.

Skills and Experience:
Preferred 7-10 years of strong background in software development, architecture, and project management for industry leaders. (Experienced in integrating application security into the SDLC, remediating vulnerabilities, developing and providing security training.)
Experience in threat modeling, static and dynamic application security testing, open-source security testing, developer security training/workshops, etc.
Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
Experience with cloud service providers and their offerings, AWS preferred.
Strong understanding of vulnerabilities and common attack vectors.
Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
Preferred Certifications: CISSP, CSSLP, AWS Solutions Architect, or equivalent.

About Guidewire
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently.
Guidewire combines core, data, digital, analytics, and AI to deliver our platform as a cloud service. 380 insurers, including the largest and most complex in the world, run on Guidewire.
As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 700+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.