Guidewire Software

Security Operations Engineer

Guidewire Software · Bengaluru, Karnataka, India

Insurance · 1,001-5,000 employees

13 h ago
Remote Principal (10+ yrs) Full-time India
Log in to apply, save this posting, or score it against your profile with AI.

About the role

The role involves owning the security implementation for the internal AI Engineering platform and productization projects. Key duties include establishing authentication/authorization flows, implementing compliance controls, and building a reusable security patterns library.

What they look for

OAuth 2.0 OIDC JWT SAML AWS Cognito AWS IAM AWS KMS AWS Secrets Manager Python Java TypeScript SOC 2 ISO 27001 GDPR CI/CD Threat Modeling

Requirements

Requires a degree in Computer Science or Cybersecurity and over 8 years of software engineering experience focused on security implementation. Proficiency in AWS security services, backend development, and common compliance frameworks is essential.

Full description

Summary

Guidewire is seeking a hands-on Security Operations Engineer to join our Professional Services AI Engineering team in Bangalore. You will be the single owner of security implementation across our internal AI Engineering platform and the AI productization projects it supports. This is an execution-focused security role with real input into security strategy. You partner with Product to shape security guidance and own its correct implementation across our infrastructure, applications, and developer workflows — knowing when a decision belongs at the policy level and escalating it accordingly. You will pair closely with the Platform Architect and Strike Team developers to bake security into every layer of the system.

Job Description

Key Responsibilities

  • Authentication: Stand up and operate authentication flows across all Strike Team projects — JWT, AWS Cognito, SSO integrations, and machine-to-machine auth patterns.
  • Authorization & Access Controls: Implement role-based and attribute-based access control patterns. Maintain a reusable authorization library that Strike Teams consume rather than rebuild.
  • Compliance Implementation: Translate compliance requirements (SOC 2, regional data privacy, customer-driven controls) into concrete technical controls — encryption, key management, audit logging, data residency.
  • IP & Network Controls: Implement IP restrictions, VPC-level network segmentation, and traffic policies that protect customer data without blocking legitimate Strike Team workflows.
  • Security Patterns Library: Build and maintain a library of vetted security components (auth middleware, secret management helpers, audit log clients) that every Strike Team uses by default.
  • Security Reviews & Audit Support: Review Strike Team designs for security gaps, support customer audits, and partner with the QA Architect on security-focused testing standards.

KPIs & Success Metrics

  • Security controls implemented across all Strike Team projects (auth, authz, encryption, audit logging) with no critical gaps.
  • Reusable security library adoption — share of teams consuming vetted components rather than rebuilding.
  • Compliance readiness: SOC 2 and data-privacy controls in place; successful customer audit support.
  • Time-to-remediate security findings within SLA.
  • Zero preventable authentication or access-control incidents.

Key Skills & Experience

  • Education: Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related technical field.
  • Experience: 8+ years of software engineering experience with a strong focus on security implementation — auth systems, compliance controls, or platform security.
  • Technical Proficiency:

– Expert-level knowledge of authentication and authorization patterns (OAuth 2.0, OIDC, JWT, SAML).

– Hands-on experience with AWS Cognito, IAM, KMS, and Secrets Manager.

– Strong backend development skills (Python, Java, or TypeScript) — this is a hands-on engineering role, not a pure advisory one.

– Working knowledge of common compliance frameworks (SOC 2, ISO 27001, GDPR) and how to translate them into engineering controls.

– Familiarity with secure CI/CD patterns and supply-chain security (SBOM, dependency scanning).

  • Engineering Excellence: Track record of shipping production-grade security components. Comfortable being a coding security engineer, not just a reviewer.
  • Domain Context: (Preferred) Experience in regulated industries (insurance, finance, healthcare) or multi-tenant SaaS.

Preferred Skills & Experience

  • AI Security: Experience securing LLM-based applications — prompt injection defenses, output filtering, model access controls.
  • Cloud Security: AWS Security Specialty certification or equivalent.
  • Guidewire Knowledge: Familiarity with Guidewire Cloud security model.
  • Threat Modeling: Hands-on experience running threat modeling sessions for production systems.

About Guidewire

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 540+ insurers in 40 countries, from new ventures to the largest and most complex in the world, run on Guidewire.

As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 1600+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our Marketplace provides hundreds of applications that accelerate integration, localization, and innovation.

For more information, please visit www.guidewire.com and follow us on Twitter: @Guidewire_PandC.

Guidewire Software, Inc. is proud to be an equal opportunity and affirmative action employer. We are committed to an inclusive workplace, and believe that a diversity of perspectives, abilities, and cultures is a key to our success. Qualified applicants will receive consideration without regard to race, color, ancestry, religion, sex, national origin, citizenship, marital status, age, sexual orientation, gender identity, gender expression, veteran status, or disability. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.