Senior Product Security Engineer, Remediation Management - San Mateo, CA

Information Security and Compliance San Mateo, California

Title: Senior Product Security Engineer – Remediation Management



This role is responsible for collaborating with security and technology partner teams to secure infrastructure, products and applications across Guidewire’s fast-growing customer-facing cloud-based environments and the global IT enterprise infrastructure. Security is a critical part of the Guidewire business and product strategy, and you would be working with a team of security professionals helping to protect our brand, reputation, and intellectual property.


  • You will support an Information Security Product Security program through a close working relationship with the Senior Manager of Product Security and many technology partner teams including infrastructure, engineering, operations and product development.
  • You will additionally be responsible for the full lifecycle of the Vulnerability Remediation Management program.


Key responsibilities: (Can Include, But Are Not Limited To)


  • Create, continuously develop, maintain and mature the Vulnerability Remediation Program at Guidewire, leveraging automation
  • Be a resourceful part of the product security team and independently responsible for the following:
  1. Document and analyze security test results in the Vulnerability Management Workflow
  2. Risk based planning and prioritization
  3. Effectively communicate and work closely with technology partners, teams and business units to coordinate and drive resolution of identified vulnerabilities within defined timelines as per Guidewire policy.
  4. Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines
  5. Identify and resolve any false-positive vulnerabilities in assessment results.
  6. Collaborate with the Guidewire Risk Management team to open, track and close risk issues for vulnerabilities that fail to adhere to Guidewire-defined remediation timelines.
  • Develop comprehensive, accurate, actionable reports / dashboards and presentations for both technical and executive audiences
  • Ensure knowledge creation around common vulnerabilities within the Guidewire landscape and corresponding remediation practices.
  • Recommend appropriate policy, standards, process and procedural updates as required.

Skills and Experience:

  • Preferred 7 years of hands-on experience in application and network vulnerability risk management and providing remediation recommendations.
  • Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Experience with cloud service providers and their offerings, preferably AWS
  • Strong understanding of vulnerabilities and common attack vectors, and an attacker mindset: the ability to think about creative threats and attack vectors.
  • Strong communication (i.e., written and verbal), presentation skills, teamwork, and resourcefulness
  • Preferred Certifications: CEH, CISSP, AWS Solutions Architect, or equivalent.



Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it’s applicable to the position.