Principal/Senior Staff Security Engineer - (Product Security)

What you would do:

• Reporting within the Information Security Services department, you will be responsible for the secure architecture of the cloud platform, products and customer facing services.
• Develop technology roadmap, architecture and implement security and compliance for the Guidewire enterprise.
• Collaborate with cross functional teams to architect various security controls such and translate them for engineering implementation.
• Collaborate with Open Source communities, Product Development, Professional Services, Cloud Operations, and Business Technology and provide technical leadership to develop and maintain compliance.
• Evangelize security best practices across Guidewire.
• Create security metrics and work with the teams to achieve the same.
• Provide insight and recommendations on remediation strategies for security issues.
• Own security architecture and provide technical guidance to multiple teams.
• Ensure confidentiality, integrity, and availability within the design of architected solution.
• Ensure High Availability (HA) and Disaster Recovery (DR) are designed as part of relevant system/services.
• Build and lead a high performance team.
• Mentor others in security best practices.

What you would need to succeed:

• 12+ years within Information Security Services designing, building, and maintaining secure, compliant, and cost-effective solutions.
• Prior deep software security experience (SME) and passion for building secure platforms and customer facing solutions.
• In-depth knowledge and experience in software or product software security engineering
• Emphasize team wins over individual success.
• Strong technical communication skills.
• Subject Matter Expert on Application Product Security and Design
• Proven track record of architecting secure, compliant, cost-effective, and highly available solutions.
• Proven track record of designing solutions with security in-depth solutions.
• BS or MS degree (Computer Science or Math)
• Preferred, industry-based certifications such as CISSP, CISM, CISA, etc…
• Preferred technical certifications from cloud providers or security tool providers.

Required skills:

• Design and develop software application security architectures for hybrid and multi-cloud based systems that comply with industry best practices
• In-depth knowledge on containers, data security, network security, control plane security and governance. 
• Deep experience with security in cloud environments around GDPR/CCPA, federated security models and secrets management 
• Understand security practices around the SSDLC process and tool sets such as CI/CD, SAST, DAST, pen tests, etc.
• Understand of relevant frameworks such as NIST, CIS, etc…
• Understanding for regulatory requirements and controls such as GDPR, SOX, SOC II, etc…
• Expertise in crypto standards, methods, and management
• Expertise in authentication protocols and authorization standards e.g SSL/TLS, SAML, OAuth, JWT, OPA) 
• Expertise in Identity and Access Management practices, controls and tool sets.
• Experience in Security Operations practices, controls, and tools sets.  
• Understand Microservice security architecture (AuthN, AuthZ architecture and user/service interaction model) 
• Prior experience of building and securing large scale distributed systems on AWS, GCP, Azure, or On prem.
• Expertise in AWS infrastructure and concepts such as VPC, subnets, security groups, S3, RDS, EC2, Glacier, Lambda, IAM, security, encryption, DevOps, replication and disaster recovery 
• Eager to learn new things and passionate about technology
• Prior experience handling multiple clusters and effectively managing multiple tenants in these clusters providing good governance and isolation, explain to prospective clients the cloud security model