Staff Security Engineer- Insider Threat

We seek a seasoned and highly motivated Staff Security Engineer to be part of the Insider Threat Program and enhance broader threat detection and response capabilities. The role involves developing robust detection pipelines, efficiently managing security alerts, contributing to incident investigation workflows and playbooks, and collaborating closely with relevant stakeholders, detection engineering, threat intel and incident response teams. Job Description Core Responsibilities: Establish, implement, and oversee the Insider Threat Program, ensuring compliance with organizational goals, industry best practices, and legal requirements. Collaborate with multidisciplinary teams, including Physical Security, Legal, Human Resources, Engineering, and the broader Security team, to formulate and enforce policies, procedures, and controls to mitigate insider threats. Develop and utilize advanced tools and methodologies to monitor activities, identify anomalies, and investigate potential insider risks. Partner with the Detection Engineering and Threat Intelligence team on detection efforts, prioritizing alert reviews, correlation, analysis, playbook development, and recommendations for further investigation and mitigation. Provide support for critical security investigations, in conjunction with the Incident Response team and relevant departments, including Legal and HR, to ensure timely and effective resolution. Conduct regular tabletop exercises, security awareness training, and simulations to validate the efficacy of insider threat detection and educate employees on insider risks. Produce comprehensive investigative reports and executive summaries to present findings. Required Qualifications Eight to Twelve-plus years of experience spanning Insider Threat management, Detection Engineering, or Incident Response. Experience with Insider Threat technologies, such as Security Information and Event Management (SIEM), User Behavioral Analytics (UBA), Data Loss Prevention (DLP), and endpoint detection, coupled with a solid understanding of investigations and the intelligence cycle. Proficiency in scripting and automation (Python, PowerShell, or Bash) for detection and triage workflows. Experience with SIEM platforms, managing detection as code via CI/CD pipelines and detection frameworks (e.g., MITRE ATT&CK). Demonstrated ability to work cross-functionally and effectively communicate findings to both technical and non-technical stakeholders. Experience with cloud environments (AWS, GCP, etc.) and detection infrastructure. Staying abreast of the evolving insider threat landscape and understanding the legal, regulatory, and ethical considerations while handling sensitive information and situations. About Guidewire Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 540+ insurers in 40 countries, from new ventures to the largest and most complex in the world, run on Guidewire. Guidewire Software, Inc. is proud to be an equal opportunity and affirmative action employer. We are committed to an inclusive workplace, and believe that a diversity of perspectives, abilities, and cultures is a key to our success. Qualified applicants will receive consideration without regard to race, color, ancestry, religion, sex, national origin, citizenship, marital status, age, sexual orientation, gender identity, gender expression, veteran status, or disability. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position. #J-18808-Ljbffr