Senior Product Security Engineer

WHO WE ARE :

Zinnia is simplifying how people buy, sell, and administer insurance products. Combining intuitive enterprise technology solutions and data insights, the Policygenius marketplace, and market-leading products including SmartOffice, AnnuityNet, LifeSpeed, WinFlex, TPP, VitalSales Suite, and Exchange Consulting, Zinnia is redesigning the insurance experience for shoppers, advisors, and insurers alike — and enabling more people to protect their financial futures along the way. Zinnia has over $173.7 billion in assets under administration across 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders.

.WHO YOU ARE

As a Senior Product Security Engineer, you will leverage your development, security and architecture experience to work alongside product and engineering to design secure software solutions, mitigate risks and enable security controls to protect assets. You will be responsible for analyzing systems, identifying security vulnerabilities, advocating for security across engineering teams and leadership, and influencing product design and architecture. You’ll build partnerships with our Software Engineering and Product teams to ensure Zinnia is doing all we can to protect the company’s and our customers’ data.

 As a trusted advisor, you will partner with business, engineering and product stakeholders and enable them. You will be able to coach, mentor, educate, advise on software design and architecture, implement/configure/monitor security tools, and help drive an appreciation for security. If you like to automate and shift security left, manage risk, and further enable business, then this role is for you.

WHAT YOU’LL DO :

●Collaborate and build relationships with the product and engineering teams
●Identify risks across all applications, and assist to mitigate these risks
●Assist in the development of a scalable threat modeling program (and conduct them as well!) for our applications, including the training of engineering teams to do the same.
●Review source code for potential security vulnerabilities and provide remediation guidance to engineers
●Develop, deploy and maintain various code and application security tools (such as SAST/DAST etc.) and their SOPs
●Develop, evaluate, and respond to alerts and events from the security tools
●Adopt automation to shift security to the left and make it scalable
●Triage, escalate, and offer remediation for the vulnerabilities found after risk assessment
●Be able to assist in occasional (but not normally expected) after hours security investigations when needed
●Be a humble mentor for our talented team members

WHAT YOU’LL NEED:

●9+ years of experience in an application security engineering or other similar role
●Extensive hands-on experience in performing manual and tool-assisted code reviews
●Extensive hands-on experience in integrating secure development practices into SDLC
●Extensive hands-on experience in integrating security tools in CI/CD pipelines
●Experience in Typescript, Python, Go or another programming language
●Experience in the development of security products or DevSecOps infrastructure
●Demonstrable knowledge of OWASP Top 10 and attack vectors
●Foundational understanding of container security and orchestration (Kubernetes, Docker)
●Familiarity with deployment automation tools such as Terraform, Helm, Atlantis, and BuildKite
●Familiarity with threat modeling
●Strong written and verbal communication skills
●Desire to build an application security program and coach junior engineers

WHAT’S IN IT FOR YOU?

At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability

 

#LI-SC1