Job Description

What you’ll do

• Monitor SIEM alerts, dashboards, and security tools to detect intrusions, policy violations, and indicators of compromise across hybrid and cloud environments.

• Triage and investigate security incidents, including log analysis and packet captures, and coordinate containment, remediation, and recovery.

• Use network and endpoint data, correlation rules, and playbooks to determine root cause, impact, and improvements to detection and controls.

• Collaborate with senior analysts and cross-functional teams to refine alerts, improve runbooks, and strengthen access controls and reporting.

• At Guidewire, we foster a culture of curiosity, innovation, and responsible use of AI—empowering our teams to continuously leverage emerging technologies and data-driven insights to enhance productivity and outcomes.

What you’ll bring

Required

• 3–5 years of experience in security operations, intrusion analysis, SIEM monitoring, and incident response.

• Strong foundation in networking fundamentals, including TCP/IP and common protocols.

• Hands-on experience analyzing logs from security devices and web servers, and interpreting packet captures (e.g., tcpdump, Wireshark).

• Working knowledge of Windows and Unix/Linux operating systems and command-line tools.

• Familiarity with network and security architecture concepts (e.g., segmentation, proxies, VPN, identity providers).

• Experience with cloud incident response (e.g., AWS, GCP) is a plus.

• Knowledge of attack vectors, threat tactics, and attacker techniques (e.g., kill chain, MITRE-style frameworks) is a plus.

• Clear, concise communication skills and the ability to work effectively with both technical and non-technical stakeholders.

• Growth mindset, willingness to learn, and flexibility to work different shifts and possibly weekends.

• Demonstrated ability to embrace AI and apply it to your current role as well as data-driven insights to drive innovation, productivity, and continuous improvement.

Preferred

• Exposure to incident response for cloud-based and distributed infrastructures.

• Certifications from SANS, Offensive Security, or ISC2.

Your Impact

We believe in clarity and setting you up for success. In your first months, you’ll learn our SOC tools, processes, and platform architecture, and begin owning incident triage and investigations with support from senior analysts. Over time, your work will reduce risk, strengthen customer trust in our cloud platform, and help P&C insurers rely on Guidewire’s secure, AI-enabled solutions to serve their customers.