Senior Product Security Engineer, Penetration Testing - San Mateo, CA
San Mateo, CA

Job Description

Title: Senior Product Security Engineer - Penetration Testing

This role is responsible for collaborating with security and technology partner teams to secure products and applications across Guidewire's fast-growing customer facing cloud-based environments and the global IT enterprise infrastructure. Security is a critical part of the Guidewire business and product strategy and you would be working with a team of security professionals helping to protect our brand, reputation, and intellectual property.

* You will support a Product Security program through a close working relationship with the Senior Manager of Product Security and many technology partner teams including infrastructure, engineering, operations and product development.
* You will additionally be independently responsible for security testing and risk analysis of Guidewire's on-premise and cloud-hosted applications and infrastructure using various security tools.
* Collaboration with Guidewire remediation treatment owners to provide guidance, best practices and technical assistance in addressing security issues will also be part of the responsibilities.

Key responsibilities: (Can Include, But Are Not Limited To)

* Work to create, continuously develop, maintain and mature the Offensive Security Program at Guidewire, leveraging automation
* Be a resourceful part of the talented team responsible for application and infrastructure penetration testing, supporting external vulnerability reports and overall vulnerability management.
* Manage penetration testing coverage across Guidewire's fast-growing customer-facing cloud-based environments plus global IT enterprise infrastructure.
* Perform independent manual penetration tests of Guidewire's cloud and global IT infrastructure, web applications and APIs. Also perform SAST-based code review to understand potential security weaknesses for exploitation purposes.
* Review all applicable threats, discover vulnerabilities and collaborate with remediation treatment owners to remediate identified vulnerabilities
* Develop comprehensive, accurate reports and presentations for both technical and executive audiences
* Ensure knowledge creation around common vulnerabilities within the Guidewire landscape and corresponding remediation practices.
* Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at Guidewire
* Own and manage penetration testing tools, related automation and innovation.

Skills and Experience:

* Preferred 7-10 years of strong hands-on experience in application and network penetration testing, vulnerability risk management and providing remediation recommendations.
* Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
* Scripting experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
* Experience with cloud service providers and their offerings, preferably AWS
* Strong understanding of vulnerabilities and common attack vectors, and an attacker mindset: the ability to think about creative threats and attack vectors.
* Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
* Preferred Certifications: OSCP, OSCE, GWAPT, GPEN, or GXP, AWS Solutions Architect, or equivalent.
