Senior Product Security Engineer
Ireland - Dublin
Applications have closed
Guidewire Software
Elevate your P&C insurance with Guidewire's industry-leading software! Streamline workflows, enhance customer experience, and drive growth. Learn more today!Responsibilities:
- Security reviews for new products, technologies, features, and services
- Secure design, architecture, and implementation
- Secure development life cycle (SDLC) practices including threat modeling and security testing. Support and consult with product and development teams in the area of application security, including threat modeling and application security reviews
- Perform security-focused code reviews
- Influence decision-makers and stakeholders to achieve a consistently high security bar
- Create security guidance and documentation
- Develop security tooling and automation
- Develop and deliver security training and outreach to internal development teams
- Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
- Support the bug bounty program.
- Support the preparation of security releases.
- Assist in development of security processes and automated tooling that prevent classes of security issues.
- Validate findings from security scanning tools and ideate data-driven enhancement strategies for dynamic (DAST), static (SAST), open-source application security testing (SCA) and container security scanning including troubleshooting, and continuous process improvement
- Test, replicate and validate security vulnerabilities in applications
- Propose product feature enhancements to enhance security of our applications
- Support for mentoring, team building and recruiting activities
Requirements:
- Experience partnering with development and systems engineers on impactful security initiatives.
- Experience identifying security issues through code review.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Familiarity with some common security libraries and tools (e.g. static analysis tools, dynamical analysis tools; proxying / penetration testing tools).
- Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
- Experience with tools like Burp Suite, OWASP Zap, SAST, DAST, and SCA tools as well as other various commercial offerings for application security testing and analysis.
- Extensive understanding of common security vulnerabilities such as the OWASP Top 10: SQLi, XSS, CSRF, etc.
- Experience in integrating security solutions into CI/CD pipelines and automating tooling orchestration.
- Experience with AWS architecture
- Knowledge of Java is required
- Development or scripting experience and skills. Python and/or Go are preferred.
- Well versed in web application design, penetration testing, application risk assessment and risk categorization
Basic Qualifications
- BS in Computer Science or related field
- Industry related certifications are preferred (E.g. CSSLP, CISSP, GIAC, Burp, OSCP, etc.)
- threat modeling
- secure coding
- identity management and authentication
- penetration testing
- network security
- Must be detail-oriented, self-organized, committed to quality and be capable of tracking multiple issues simultaneously
- Thrive on a high level of autonomy and responsibility
- Able to work in Agile/Scrum/Kanban methodologies
5 years of experience with any of the following:
#LI-CE1
About Guidewire
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 450 insurers, from new ventures to the largest and most complex in the world, run on Guidewire.
As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 1000+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our Marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.
For more information, please visit www.guidewire.com and follow us on Twitter: @Guidewire_PandC.
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
CONSENT and ACKNOWLEDGEMENT By clicking the submitting your application on the following page:
1. You consent to Guidewire collecting, retaining, disclosing and using your Personal Data as outlined above, and to its transfer of your Personal Data outside the country where you live or work, and/or to third parties for the above purposes. 2. In the event that you submit any Sensitive Personal Data, you explicitly consent to Guidewire collecting, retaining, disclosing and transferring your Sensitive Personal Data on the terms and for the same purposes as described above in relation to Personal Data. 3. You acknowledge that you have the right to access your Personal Data and Sensitive Personal Data at any time and have the right to correct any errors. 4. You acknowledge that your Personal Data will be retained for up to 24 months.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Analytics Application security Automation AWS Burp Suite C CI/CD CISSP Cloud Computer Science CSRF DAST GIAC Java Kanban Network security OSCP OWASP Pentesting Product security Python R&D Risk assessment SAST Scripting Scrum SDLC Vulnerabilities XSS
Perks/benefits: Career development Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs