The Job logo

What

Where

Principal Security Engineer

ApplyJoin for More Updates

You must Sign In before continuing to the company website to apply.

Smart SummaryPowered by Roshi
Join Guidewire Software as a Principal Security Engineer in Bengaluru, Karnataka, India. This full-time hybrid opportunity involves leading the PSIRT process, conducting code reviews and penetration testing, and collaborating with internal and external teams to resolve security incidents. Strong knowledge of product security, OWASP Top 10, and application security is required. Scripting and development skills are a plus.

Job description 

Guidewire PSIRT (Product Security Incident Response Team) is responsible for:

  • Guidewire product vulnerability management process for all Guidewire applications.
  • Coordination of customer/external product security incidents and reported security issues affecting various Guidewire products and applications.
  • Working cross-functionally with all business units, sustaining engineers, product security team members, customer support, legal and external security researchers to ensure timely resolution of security incidents and events.
  • Development, maintenance and continuous improvement of the product security incident monitoring, detection and response tools and process, including all required supporting materials.
  • Pen testing Guidewire applications to ensure timely discovery of the vulnerabilities.
  • Security Review and Code Review of Guidewire applications

We are looking for a new team member who will be responsible to perform following activities (but not limited to):

  • Lead and own PSIRT Process - triage security related issues (external / internal), verify those on different versions, products.
  • Perform root cause analysis to ensure validity of reported issues.
  • Triage code defect based issues, quantitatively evaluate risk and provide guidance to engineering teams regarding the impact of security issues using industry standard metrics such as CVSS.
  • Work closely with project management, product management, engineering and sustaining teams to drive issues to closure.
  • Cultivate strong working relationships with external researchers, reporting organizations and customers to ensure effective collaboration. Work with customer facing and internal teams to continually improve processes used to identify and fix product security issues
  • Enhance existing product security incident response program
  • Coordinate with internal product development teams in accomplishing regular security reviews and penetration testing assessments.
  • Execute the penetration tests internally to identify security vulnerabilities.
  • Perform security-focused code reviews
  • Support the preparation of security releases.
  • Create security guidance and documentation
  • Develop security tooling and automation
  • Develop and deliver security training and outreach to internal development teams
  • Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
  • Validate findings from security scanning tools and ideate data-driven enhancement strategies for dynamic (DAST), static (SAST), open-source application security testing (SCA) and container security scanning including troubleshooting, and continuous process improvement
  • Influence decision-makers and stakeholders to achieve a consistently high security bar
  • Support for mentoring, team building and recruiting activities

Requirements:

  • Bachelor's/master’s in computer science or equivalent
  • Industry related certifications are preferred (E.g. CSSLP, CISSP, GIAC, OSCP, etc.)
  • Minimum 12-14 years of relevant Application Security Experience
  • At least 3-5 years of experience with PSIRT functions
  • At least 4 years of managing security team
  • Solid understanding of OWASP Top 10, common classes of product security vulnerabilities and attack/defense methodologies.
  • Strong written and verbal communications skills
  • Proven ability to build relationships and influence individuals at all levels, as well as external security researchers, vendors and service providers
  • Experience with various application security tools - Static code analysis, dynamic code analysis, vulnerability scanning, pen testing
  • Ability to track and lead numerous parallel activities
  • AWS/Cloud Experience a strong plus
  • Bug bounty program participation a plus
  • Knowledge of the security research community is a strong plus
  • Scripting skills (i.e. Python/Perl/Ruby, shell scripting) or development experience (Java/C++/Python) is a significant plus!
Set alert for similar jobsPrincipal Security Engineer role in Bengaluru, India
Guidewire Software Logo

Company

Guidewire Software

Job Posted

10 months ago

Job Type

Full-time

WorkMode

Hybrid

Experience Level

3-7 Years

Category

Software Engineering

Locations

Bengaluru, Karnataka, India

Qualification

Bachelor or Master

Applicants

Be an early applicant

Related Jobs

Guidewire Software Logo

Senior Security Engineer

Guidewire Software

Bengaluru, Karnataka, India

Posted: 10 months ago

Guidewire PSIRT is seeking a Senior Security Engineer to join our product security team. You will be responsible for managing product vulnerabilities, coordinating security incidents, and working cross-functionally to resolve issues. As a Senior Security Engineer, you will conduct penetration testing, perform code reviews, and enhance our incident response program. You should have a solid understanding of application security, OWASP Top 10, and strong communication skills. This is a hybrid opportunity with Guidewire Software located in Bengaluru, Karnataka, India.