Senior Product Security Engineer - San Mateo, CA
Title: Senior Product Security Engineer
This role is responsible for collaborating with security and technology partner teams to secure products and applications across Guidewire’s fast-growing customer-facing cloud-based environments and the global IT enterprise infrastructure. Security is a critical part of Guidewire, and you would be working with a team of security professionals helping to protect our brand, reputation, and intellectual property.
- As a Senior Product Security Engineer, you will report into the InfoSec Product Security function and will be deeply embedded within our Product Development & Services organization.
- You will be responsible for driving effective integration and compliance of security controls into the product development and implementation lifecycle.
- Collaboration with Guidewire remediation treatment owners to provide guidance, best practices and technical assistance in addressing security issues will also be part of the responsibilities.
Key responsibilities: (Can Include, But Are Not Limited To)
- Work to continuously develop, maintain and mature the Secure Development Lifecycle Program at Guidewire
- Be a resourceful part of the talented team responsible for seamless integration of security controls into the Guidewire Software Development Lifecycle. This includes working closely with product security champions in an agile environment on the following:
- Educate the business on Secure Development Life Cycle frameworks
- Perform Threat Modeling in the design phase and review it frequently to identify and eliminate security issues in design or architecture.
- Facilitate compliance for Static Application Security Testing & Open-source Security Analysis during the development phase
- Facilitate compliance for Dynamic Application Security Testing during the testing phase
- Facilitate compliance for Penetration Testing prior to Release/GoLive
- Providing technical guidance in triaging, addressing security issues and tracking remediation will also be part of your responsibilities
- Contribute to Guidewire's triage and containment efforts in product security incident response or vulnerability disclosures
- Develop comprehensive, accurate reports and presentations for both technical and executive audiences
- Ensure knowledge creation around common vulnerabilities within the Guidewire landscape and corresponding remediation practices.
- Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at Guidewire
- Own and manage Secure SDLC tools, related automation and innovation.
Skills and Experience:
- Preferred: 7-10 years of strong background in software development, architecture, and project management for industry leaders. (Experienced in integrating application security into the SDLC, remediating vulnerabilities, developing and providing security training.)
- Experience in threat modeling, static and dynamic application security testing, open-source security testing, developer security training/workshops, etc.
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Experience with cloud service providers and their offerings, preferably AWS
- Strong understanding of vulnerabilities and common attack vectors
- Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
- Preferred Certifications: CISSP, CSSLP, AWS Solutions Architect, or equivalent.
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where applicable to the position.