Senior Product Security Engineer, Penetration Testing - San Mateo, CA

Information Security and Compliance, San Mateo, California

Title: Senior Product Security Engineer – Penetration Testing


This role is responsible for collaborating with security and technology partner teams to secure products and applications across Guidewire’s fast-growing customer facing cloud-based environments and the global IT enterprise infrastructure. Security is a critical part of the Guidewire business and product strategy and you would be working with a team of security professionals helping to protect our brand, reputation, and intellectual property.


  • You will support the Product Security program through a close working relationship with the Senior Manager of Product Security and many technology partner teams, including infrastructure, engineering, operations and product development.
  • You will also be independently responsible for security testing and risk analysis of Guidewire’s on-premise and cloud-hosted applications and infrastructure, using a range of security tools.
  • You will collaborate with Guidewire remediation treatment owners, providing guidance, best practices and technical assistance in addressing security issues.


Key responsibilities (can include, but are not limited to):


  • Create, continuously develop, maintain and mature the Offensive Security Program at Guidewire, leveraging automation wherever possible
  • Be a resourceful member of the talented team responsible for application and infrastructure penetration testing, handling external vulnerability reports and supporting overall vulnerability management.
  • Manage penetration testing coverage across Guidewire’s fast-growing customer-facing cloud-based environments and the global IT enterprise infrastructure.
  • Perform independent manual penetration tests of Guidewire’s cloud and global IT infrastructure, web applications and APIs, and perform SAST-based code review to identify potential security weaknesses that can be exploited.
  • Review all applicable threats, discover vulnerabilities and collaborate with remediation treatment owners to remediate identified vulnerabilities
  • Develop comprehensive, accurate reports and presentations for both technical and executive audiences
  • Ensure knowledge creation around common vulnerabilities within the Guidewire landscape and the corresponding remediation practices.
  • Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at Guidewire
  • Own and manage penetration testing tools, related automation and innovation.

Skills and Experience:

  • Preferably 7-10 years of strong hands-on experience in application and network penetration testing, vulnerability risk management and providing remediation recommendations.
  • Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Programming or scripting experience in interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
  • Experience with cloud service providers and their offerings, preferably AWS
  • Strong understanding of vulnerabilities and common attack vectors, and an attacker mindset: the ability to think about creative threats and attack vectors.
  • Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
  • Preferred certifications: OSCP, OSCE, GWAPT, GPEN, GXP, AWS Solutions Architect, or equivalent.



Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it’s applicable to the position.