Vulnerability Management Engineer

Summary

We are looking for a Security Engineer on our Vulnerability Management Team. What we are looking for is someone who can navigate complex threat scenarios and remain committed to decreasing the overall attack surface of the company. Vulnerability Management remains a top priority at Guidewire, and you will be responsible for implementing and managing infrastructure vulnerability tools and processes in a cloud environment. This includes identifying and evaluating vulnerabilities, cloud misconfigurations and supporting remediation activities.

Job Description

Responsibilities

• Ensure vulnerability scans / assessments are run periodically in line with policies and standards across Guidewire Infrastructure

• Review vulnerability assessments and security audits to identify security risks and drive improvements necessary to mitigate those risks

• Provide security guidance to Cloud Engineering teams encompassing perimeter, misconfigurations, asset visibility, policies, container, patching cadence, and vulnerability scanning. 

• Provide technical expertise to the vulnerability assessment team responsible for the testing, validating, and the security of the company's applications, servers, and networks

• Improve and mature vulnerability reporting to key stakeholders, and drive remediation efforts by communicating, clearly articulating, and prioritizing risk and impact to all stakeholders to convey the urgency and need to remediate a vulnerability/cloud misconfiguration.

• Support incident response activities and reporting

• Ensure security leadership is aware of current and emerging threats and vulnerabilities

• Supports the end-to-end vulnerability process, including reporting of vulnerabilities and escalation of critical vulnerabilities 

• Document security guidance, process and policy around the vulnerability management program

Requirements

• 5 years of relevant experience

• Prior experience with managing and configuring any vulnerability management tool such as Rapid 7, Qualys, Orca, Prisma, Wiz, etc.

• Persuasive mindset with strong relationship management skills to work with various stakeholders proactively on vulnerability assessment and remediation 

• Ability to automate solutions to repetitive problems/tasks using scripting languages

• Good understanding of enterprise security controls, network protocols and operating system (Windows/Linux environments)

• Hands on experience handling vulnerability management operations for cloud workloads at scale in AWS/Azure

• Ability to conduct thorough analysis and recommend data driven actions

• Results-oriented, high energy, self-motivated and love for a team environment.

Nice to have:

• Certifications from SANS, Offensive Security, ISC2, AWS is a plus.

About Guidewire

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 540+ insurers in 40 countries, from new ventures to the largest and most complex in the world, run on Guidewire.

As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 1600+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our Marketplace provides hundreds of applications that accelerate integration, localization, and innovation.

For more information, please visit www.guidewire.com and follow us on Twitter: @Guidewire_PandC.

Guidewire Software, Inc. is proud to be an equal opportunity and affirmative action employer. We are committed to an inclusive workplace, and believe that a diversity of perspectives, abilities, and cultures is a key to our success. Qualified applicants will receive consideration without regard to race, color, ancestry, religion, sex, national origin, citizenship, marital status, age, sexual orientation, gender identity, gender expression, veteran status, or disability. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.