You are here

Security Operations Center Manager - US remote option



The Security Operations Center manager will be responsible for leading and providing technical and process direction to the SOC Analysts and MSSP within Guidewire’s Security Operations Center. Will act as a liaison to other teams within Guidewire, build a positive working relationship with the stakeholders, and ensure SLAs and objectives for threat monitoring, detection and response are achieved. This role will be based in our San Mateo headquarters and will report to the Director of Security Operations, which is part of Guidewire’s global Information Security group.   ESSENTIAL DUTIES AND RESPONSIBILITES   ·        Lead Guidewire’s Security Operations Center team of analysts to monitor, analyze and investigate security logs, events and alerts from a variety of devices and platforms including but not limited to, SIEM, IDS/IPS, Next Gen EDR, OS logs, AWS logs, WAFs etc.   ·        Act as Guidewire’s blue team lead to identify gaps in visibility and detection of attacks and malicious events, and work towards SOC maturity trends   ·        Lead projects involving ingestion of new log sources, building content for the SIEM, new rules, filters and collectors as needed for improved context, visibility, correlation   ·        Provide subject matter expertise in security threat analysis, hunting, detection and response across Guidewire’s Production and Corp IT environments, build IR run books and automated workflows   ·        Be part of the Security Incident Response Team (SIRT) activities, helping SIRT to detect, respond, contain and recover from security incidents in a timely manner   ·        Generate and build relevant security dashboards, trends and metrics as needed for the Information Security leadership team to track and communicate performance, coverage, risks and compliance    


  • 3+ years of previous experience leading security operations, hunt teams, or incident response, triaging cyber security alerts, events, incidents
  • Excellent understanding and ability to investigate threat campaign(s) techniques, lateral movements, C&C communications and indicators of compromise (IOCs)
  •  At least 3 years of hands on experience in SIEM is a must - searching and querying of raw logs, tuning of rules and alerts, analysis, investigation and writing content
  •  Minimum 5 years of experience in security analytics, correlation, tuning, analyzing and investigating alerts from multiple security technologies including IDS/IPS, SIEM, EDR, Network Packet Analyzers, Log Analysis (Windows, Linux, Web Servers, AWS Cloudtrail, AWS GuardDuty), NextGen Firewalls, NextGen AV, WAFs, etc.
  • Strong foundation and troubleshooting experience of Network and Security threats, Linux and Windows operating systems and processes, network traffic analysis, web services, protocols and attack vectors
  •  Familiarity with AWS public Cloud platform with understanding/working knowledge of IaaS platforms and services e.g. VPC, EC2, S3, RDS, GuardDuty, ECS, EKS etc.
  •  Experience developing operations playbooks, IR run books, security orchestration and automated responses and processes within SOC
  •  Thorough understanding of the threat and attack landscape in networks and web applications, latest security trends, attack vectors, vulnerabilities, and how they are leveraged by malicious actors
  •  Security certifications like CISSP, CEH, OSCP, GSEC, GCFA, GCIH, GCIA, CHFI, AWS certification etc. are highly desired
  •  Excellent verbal and written communication skills and ability to document and explain technical details and incident reports clearly and concisely
  •  B.S. degree in Computer Science or related field or equivalent combination of professional development training and experience
About Guidewire
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently.
Guidewire combines core, data, digital, analytics, and AI to deliver our platform as a cloud service. 380 insurers, including the largest and most complex in the world, run on Guidewire.
As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 700+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.


Apply for Position