Security Engineer IIII - SIEM

WHO WE ARE:

Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights, Zinnia simplifies the experience of buying, selling, and administering insurance products. All of which enables more people to protect their financial futures. Our success is driven by a commitment to three core values: be bold, team up, deliver value – and that we do. Zinnia has over $180 billion in assets under administration, serves 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders.

Who You Are

As a SOC Analyst III, you will play a critical role in strengthening Zinnia’s security posture. You will be at the forefront of our defence operations - analysing alerts, conducting in-depth investigations, and leading incident response efforts. Your expertise will drive effective triage, containment, and remediation of security incidents while ensuring minimal business impact.

You will also contribute to the continuous improvement of our detection and response capabilities by creating and fine-tuning custom correlation rules, performing regular health checks of SOC tools, and identifying opportunities to enhance automation and efficiency. Beyond operational excellence, you will engage in proactive threat hunting and leveraging threat intelligence - to identify and mitigate emerging risks before they impact the organization.

Additionally, you will also mentor and guide other team members, fostering a culture of learning, collaboration, and continuous improvement within the SOC.

What You’ll Do

• Monitor, analyse, and respond to security alerts and incidents from multiple sources across the organization’s infrastructure.
• Triage and prioritize alerts based on risk, relevance, and business impact to maintain focus on high-value threats.
• Lead investigation response activities, coordinating with relevant teams to execute corrective actions and implement long-term remediations.
• Develop, refine, and tune custom correlation logic and detection content to enhance threat visibility and reduce false positives.
• Conduct proactive threat hunting to identify suspicious patterns, behaviours, or anomalies that evade traditional detections.
• Perform health checks and maintenance of SOC tools and integrations to ensure continuous data flow and operational readiness.
• Document and maintain investigation records, incident timelines, and post-incident reports to support transparency and lessons learned.
• Collaborate with other cybersecurity and IT teams to improve detection coverage, response playbooks, and automation workflows.
• Mentor and support other SOC team members, providing technical guidance, quality assurance, and on-the-job training.
• Stay current on emerging threats, attacker techniques, and defensive best practices to continuously strengthen the SOC’s capabilities.
• Develop, update, and maintain SOC standard operating procedures (SOPs) and incident response playbooks to ensure consistent and effective handling of security events.
• Work in 24x7 rotational shifts and weekend on-call support if and when required.

What You’ll Need

• 4-6 years of experience in security operations domain.
• Strong hands-on experience in security monitoring, alert triage, incident investigation, and response within a SOC environment.
• Proven ability to analyse and respond to complex security incidents, perform root cause analysis, and drive containment and remediation actions.
• Working knowledge of EDR, NDR, SOAR, and threat intelligence platforms and their integration into SOC workflows.
• Experience conducting proactive threat hunting using threat intelligence, behavioural analytics, and anomaly detection techniques.
• Proven expertise in designing and optimizing customized correlation rules, detection logic, and analytical reports to identify advanced threats, reduce false positives, and improve SOC efficiency.
• Familiarity with security frameworks and standards (MITRE ATT&CK, NIST, ISO 27001, etc.) and their practical application in detection and response.
• Foundational understanding of cloud platforms, with hands-on experience operating in cloud environments and conducting cloud-focused SOC investigations.
• Demonstrated understanding of network protocols, operating systems (Windows, Linux), and common attack techniques.
• Knowledge of malware analysis, phishing investigations, and vulnerability management processes.
• Willingness to learn, experiment, and collaborate across teams.

Nice to Have 

• Hands on experience with XDR and EDR solutions.
• Exposure to automation and orchestration within the SOC (SOAR platforms, scripting, workflow automation).
• Basic experience integrating devices with SOC tools and creating custom parsers
• Knowledge of compliance and regulatory frameworks (ISO 27001, NIST, GDPR, HIPAA, etc.).
• Certifications such as CSA, CySA+, CEH or SOC vendor certifications.

WHAT’S IN IT FOR YOU?

At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability.

#LI-SC1