Threat and Vulnerability Manager - San Mateo, Ca
San Mateo, CA
Applications have closed
Guidewire Software
Elevate your P&C insurance with Guidewire's industry-leading software! Streamline workflows, enhance customer experience, and drive growth. Learn more today!ESSENTIAL DUTIES AND RESPONSIBILITES
- Deploy, configure and manage infrastructure vulnerability management products, tools and solutions to help augment security threat monitoring, detection, prevention and compliance as part of Guidewire’s cloud security architecture (Rapid 7, Qualys, Nessus, Risk Based Scanning Tools)
- Work with Cloud Operations, IT and product teams to perform POCs and track deployments for initiatives and/or changes in the Guidewire’s public cloud environment
- Responsible for the vulnerability management program that includes periodic scanning, reporting, and tracking remediation of the security vulnerabilities discovered in AWS and data center assets
- Develop and enforce cloud security standards in AWS including IAM policies, security groups, S3 bucket policies, encryption, network security, cloud workload and container security, logging, monitoring etc.
- Any experience (technology or non-technology) related to managing a team or people would be desirable since this role will be helping build a program and team
- Willingness to be on call and serve as the point of contact for information security alerts and incidents
REQUIREMENTS
- 5+ years of previous experience working in security operations, administration, threat and vulnerability management – experience with automation and familiarity with “Infrastructure as Code” in the public cloud
- Minimum 5 years of experience deploying, testing and configuring multiple security technologies including Vulnerability Scanners, AWS Cloud Security platform tools. He/she should be able to share some of the success and failure stories they have had to go through in the past around build an effective vulnerability management program
- Thorough knowledge of the TCP / IP protocol suite, securing and hardening Operating Systems, Networks, Databases and Web Applications Information
- Hands on experience in running vulnerability scans, analyzing and tracking vulnerabilities with asset owners for timely remediation
- Basic hands-on experience with a public Cloud platform (AWS, Azure, GCP) with understanding/working knowledge of IaaS platforms and services (i.e., VPC, EC2, S3, RDS, Lambda, AWS WAF, CloudFront, ECS, Flow Logs etc.) is required
- Experience developing and maintaining hardening and configuration standards and procedures
- Security certifications like CISSP, GSEC, CEH, AWS certification etc. are highly desired
- Familiarity with industry common information technology control frameworks, particularly SOC1/2, Cloud Security Alliance, and ISO 27001/2.
- Excellent verbal and written communication skills and ability to document and explain technical details, standards and reports clearly and concisely
- B.S. degree in Computer Science or related field or equivalent combination of professional development training and experience
Guidewire combines core, data, digital, analytics, and AI to deliver our platform as a cloud service. 380 insurers, including the largest and most complex in the world, run on Guidewire.
As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 700+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.
Guidewire Software, Inc. is proud to be an equal opportunity and affirmative action employer. We are committed to an inclusive workplace, and believe that a diversity of perspectives, abilities, and cultures is a key to our success. Qualified applicants will receive consideration without regard to race, color, ancestry, religion, sex, national origin, citizenship, marital status, age, sexual orientation, gender identity, gender expression, veteran status, or disability. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.
Disability Accommodations and Guidewire’s Appeals Process. Guidewire provides accommodations to the hiring process to create a fair opportunity for candidates with disabilities to contend for open positions. Accommodation requests should be directed to (650) 356-4940 or Accommodations@guidewire.com. If things do not go as hoped, we invite you to use our appeals process. Guidewire promises to independently review any denied accommodation and any decision not to offer you the position. The appeals process is the same in either case. Within five business days of receiving a notice of denial of an accommodation, or receiving a notice of your non-selection for a vacancy, call (650) 356-4940 or e-mail Accommodations@guidewire.com to make an appeal. Guidewire will assign a new decision-maker to review the request and/or hiring decision, who will then notify you in writing of a decision within 10 business days.
Tags: Analytics Automation AWS Azure C CEH CISSP Cloud CloudFront Compliance Computer Science EC2 Encryption GCP GSEC IaaS IAM ISO 27001 Lambda Monitoring Nessus Network security POCs Qualys R&D S3 SOC 1 Threat intelligence Vulnerabilities Vulnerability management Vulnerability scans
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs