Listing Description
Responsibilities:
Security reviews for new products, technologies, features, and servicesSecure design, architecture, and implementationSecure development life cycle (SDLC) practices including threat modeling and security testing. Support and consult with product and development teams in the area of application security, including threat modeling and application security reviewsPerform security-focused code reviewsInfluence decision-makers and stakeholders to achieve a consistently high security barCreate security guidance and documentationDevelop security tooling and automationDevelop and deliver security training and outreach to internal development teamsLead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownershipAssist teams in reproducing, triaging, and addressing application security vulnerabilities.Support the bug bounty program.Support the preparation of security releases.Assist in development of security processes and automated tooling that prevent classes of security issues.Validate findings from security scanning tools and ideate data-driven enhancement strategies for dynamic (DAST), static (SAST), open-source application security testing (SCA) and container security scanning including troubleshooting, and continuous process improvementTest replicate and validate security vulnerabilities in applicationsPropose product feature enhancements to enhance security of our applicationsSupport for mentoring, team building and recruiting activities
Requirements:Experience partnering with development and systems engineers on impactful security initiatives.Experience identifying security issues through code review.Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.Familiarity with some common security libraries and tools (e.g. static analysis tools, dynamical analysis tools; proxying / penetration testing tools).Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).Experience with tools like Burp Suite, OWASP Zap, SAST, DAST, and SCA tools as well as other various commercial offerings for application security testing and analysis.Extensive understanding of common security vulnerabilities such as the OWASP Top 10: SQLi, XSS, CSRF, etc.Experience in integrating security solutions into CI/CD pipelines and automating tooling orchestration.Experience with AWS architecture Knowledge of Java is requiredDevelopment or scripting experience and skills. Python and/or Go are preferred.Well versed in web application design, penetration testing, application risk assessment and risk categorization
Basic Qualifications:BS in Computer Science or related fieldIndustry related certifications are preferred (E.g. CSSLP, CISSP, GIAC, Burp, OSCP, etc.)Minimum of 5 years of experience with any of the following:threat modelingsecure codingidentity management and authenticationpenetration testingnetwork securityMust be detail-oriented, self-organized, committed to quality and be capable of tracking multiple issues simultaneouslyThrive on a high level of autonomy and responsibilityAble to work in Agile/Scrum/Kanban methodologiesAbout Guidewire
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 450 insurers, from new ventures to the largest and most complex in the world, run on Guidewire.
As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 1000+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our Marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Listing Details
-
Citizenship:
Not Provided
-
Incentives:
Not Provided
-
Education:
Not Provided
-
Travel:
Not Provided
-
Telework:
Not Provided