Senior Cloud Security Engineer - Foster City, CA
The Senior Cloud Security Engineer role is tasked with defining and supporting the implementation and execution of the Guidewire Security Operations program, with an emphasis on Information Security Engineering & Operational activities relating to Cloud Platforms (AWS, GCP, Azure, etc) and systems with-in them. The role will report to the Senior Manager, Security Operations and is part of the Guidewire team accountable for Security Operations with-in the global Information Security group. This role will serve as the team leader for cloud security operations, engineering, and architecture.
Essential Duties & Responsibilities
(1) Information Security Engineering & Architecture (40%)
- Define a cohesive information security tools architecture that emphasizes integration, proper implementation and configuration, and balances in-sourcing and outsourcing options.
- Develop and evaluate information security requirements for planned cloud initiatives and/or changes in the Guidewire technology environment as part of the SDLC and Change Management processes.
- Define configuration standards and configure information security tools, both in-sourced and outsourced, inclusive of event management, monitoring, and other specific cloud security platforms and tools.
- Provide information security consulting services to internal users, both within and outside of the IT, Delivery, and Product Development departments.
(2) Information Security Operations (40%)
- Oversee the day to day administration and management of cloud security tools and third-party/managed security service providers;
- Oversee threat and vulnerability management processes, inclusive of vulnerability scanning, remediation efforts, notifications for cloud environments, etc.;
- Review system events and incidents on a daily basis
- Lead investigation of potential incidents
- Lead incident response processes as the incident coordinator
- Serve as the primary point of contact for information security operational matters, 24x7x365;
- Provide 3rd level support for information security tools and operational processes
(3) Information Technology Governance, Risk Management, and Compliance (20%)
- Design and implement security controls
- Lead the joint effort to define and update configuration standards for key technology platforms.
- Design and implement processes and technology solutions to assess, monitor, and enforce compliance with internal and regulatory requirements, such as SOC1, SOC2, PCI-DSS, and others.
- Interface with external partners, customers, and other 3rd-parties for matters involving information security and information risk management.
- Support IT compliance activities for SOC1/2, ISO27001, PCI-DSS, etc
- Produce and gather evidence as required
- Monitor and enforce compliance with Guidewire policies and control requirements
Communication & Interpersonal Skills
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Good written, oral, and interpersonal communication skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
Desired Background and Experience
- PC or Apple Mac literacy required; MS Office skills (Outlook, Word, Excel, PowerPoint);
- 4 years’ experience in Information Security/Risk Management, ideally in a mix of consulting and industry roles at publicly traded company.
- 2 years’ hands-on experience with public Cloud platforms (AWS, Azure, GCP)
- Excellent understanding/working knowledge of public cloud IaaS, platforms, and services (i.e. VPC, EC2, S3, RDS, Route53, AWS SDK, Lambda, AWS WAF, CloudFront, ECS, etc).
- Hands-on experience with cloud security platform tools (i.e. Redlock, Evident.io, Dome9).
- Experience with SDN and SDI tooling such as Terraform, CloudFormation, and Ansible.
- Information Security expertise in cloud security architectures, designs, and engineering using technologies, solutions, or frameworks inclusive of OWASP, SIEMs, firewalls, IDS/IPS, SAML/SSO, IDM, data encryption & enterprise key management, PKI, IDS/IPS, anti-malware, etc.
- Excellent understanding of software development lifecycle models, as well as the approach and options for implementing a Secure Development Lifecycle (SDL).
- Hands-on experience with industry common information technology control frameworks, particularly SOC1/2, Cloud Security Alliance, and ISO 27001/2.
- Strong familiarity with DevOps and Agile methodologies/systems.
- Fluent with one or more scripting/coding languages (e.g. Bash, Python, Powershell, Golang).
Licenses or Certifications:
One or more of the following desired:
- GIAC Information Security Professional
- AWS Certifications
Guidewire exists to deliver the industry platform that P&C insurers rely upon to adapt and succeed in a time of accelerating change—and to ensure that every customer succeeds in the journey. We provide the software, services, and partner ecosystem to enable our customers to run, differentiate, and grow their business.
Guidewire InsurancePlatform is the P&C industry platform that unifies software, services, and partner ecosystem to power our customers’ business. InsurancePlatform provides the standard upon which insurers can engage their customers, optimize their operations, drive smart decisions, and innovate quickly. We are privileged to serve more than 350 P&C insurers in 32 countries. We invest heavily in R&D to build a technology platform that combines three elements—core processing, data and analytics, and digital engagement—to enhance insurers’ ability to engage and empower their customers and employees.
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it’s applicable to the position.