Security Engineer III

**Job Description:** **Role Overview:** As a Product Security Engineer at Zinnia, your role involves ensuring that Zinnias products and applications are designed, built, and deployed securely. You will collaborate with developers, DevOps, and senior security engineers to identify vulnerabilities early, integrate security into the software development life cycle (SDLC), and automate security controls where possible. Your passion for understanding technology, identifying security gaps, and implementing practical solutions will be crucial in contributing to a culture of secure development at Zinnia. **Key Responsibilities:** - Partner with development teams to incorporate security into the SDLC through design reviews, threat modeling, and secure coding practices. - Conduct secure code reviews, static and dynamic analysis, and dependency scanning to detect and address vulnerabilities at an early stage. - Assist in implementing and automating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container scanning tools in CI/CD pipelines. - Work with engineering teams to remediate vulnerabilities and enhance code security. - Engage in application and API penetration testing activities and coordinate vulnerability fixes with developers. - Contribute to the development and maintenance of secure coding guidelines, checklists, and playbooks. - Aid in creating security automation scripts and integrations, particularly in Python or similar languages. - Collaborate with senior engineers to enhance application security tooling, reporting, and developer experience. - Help promote security awareness through developer training and security reviews. - Stay updated on emerging vulnerabilities, threats, and mitigation techniques relevant to web and cloud-native applications. **Qualifications Required:** - 4+ years of experience in application or product security, software development, or security engineering. - Proficient in web application, API, and microservices security. - Familiarity with SAST, DAST, SCA, and related tools (e.g., Veracode, Checkmarx, Snyk, Burp Suite, OWASP ZAP). - Knowledge of CI/CD pipelines and integrating security scans into build workflows. - Understanding of secure coding practices, common vulnerabilities (OWASP Top 10, CWE, CAPEC), and programming languages like Python, Go, Java, or JavaScript/TypeScript. - Familiarity with authentication/authorization mechanisms such as OAuth2, OIDC, JWT. - Strong analytical, problem-solving, and communication skills. - Eagerness to learn, innovate, and collaborate across different teams. **Additional Details:** Zinnia is a leading technology platform focused on accelerating life and annuities growth by simplifying the insurance buying, selling, and administration processes. With over $180 billion in assets under administration, Zinnia serves 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders. The company's success is underpinned by core values of boldness, teamwork, and delivering value, which are reflected in its commitment to innovation and excellence. Apply by completing the online application on the careers section of Zinnia's website to join a team of smart, creative professionals dedicated to revolutionizing the insurance industry. Zinnia is an Equal Opportunity employer that values diversity and does not discriminate based on factors such as race, religion, gender, or disability. **Note:** Nice to have qualifications such as hands-on experience with cloud-native application security, exposure to DevSecOps concepts, bug bounty programs, or relevant certifications like OSCP, OSWE, GWAPT, CSSLP, or GIAC AppSec certifications are preferred but not mandatory for the role. **Job Description:** **Role Overview:** As a Product Security Engineer at Zinnia, your role involves ensuring that Zinnias products and applications are designed, built, and deployed securely. You will collaborate with developers, DevOps, and senior security engineers to identify vulnerabilities early, integrate security into the software development life cycle (SDLC), and automate security controls where possible. Your passion for understanding technology, identifying security gaps, and implementing practical solutions will be crucial in contributing to a culture of secure development at Zinnia. **Key Responsibilities:** - Partner with development teams to incorporate security into the SDLC through design reviews, threat modeling, and secure coding practices. - Conduct secure code reviews, static and dynamic analysis, and dependency scanning to detect and address vulnerabilities at an early stage. - Assist in implementing and automating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container scanning tools in CI/CD pipelines. - Work with engineering teams to remediate vulnerabilities