Guidewire Software is hiring a
Staff Test Penetration Engineer

Summary

The job is for a team member in Guidewire's Product Security Incident Response Team (PSIRT). Responsibilities include managing the PSIRT process, performing root cause analysis, coordinating with various teams, conducting penetration tests, code reviews, and more. The candidate should have strong relationships with external researchers and customers.

Requirements

Guidewire is looking for a new team member who will be responsible to perform following activities (but not limited to)

Responsibilities

• Lead and own PSIRT Process - triage security related issues (external / internal), verify those on different versions, products
• Perform root cause analysis to ensure validity of reported issues
• Triage code defect based issues, quantitatively evaluate risk and provide guidance to engineering teams regarding the impact of security issues using industry standard metrics such as CVSS
• Work closely with project management, product management, engineering and sustaining teams to drive issues to closure
• Cultivate strong working relationships with external researchers, reporting organizations and customers to ensure effective collaboration
• Enhance existing product security incident response program
• Coordinate with internal product development teams in accomplishing regular security reviews and penetration testing assessments
• Execute the penetration tests internally to identify security vulnerabilities
• Perform security-focused code reviews
• Support the preparation of security releases
• Create security guidance and documentation
• Develop security tooling and automation
• Develop and deliver security training and outreach to internal development teams
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities