Security Engineer III Product

Noida - India

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

WHO WE ARE:

Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights Zinnia simplifies the experience of buying selling and administering insurance products. All of which enables more people to protect their financial futures. Our success is driven by a commitment to three core values: be bold team up deliver value and that we do. Zinnia has over $180 billion in assets under administration serves 100 carrier clients 2500 distributors and partners and over 2 million policyholders.

Who You Are

As a Product Security Engineer youll help ensure Zinnias products and applications are designed built and deployed securely. Youll work closely with developers DevOps and senior security engineers to identify vulnerabilities early build security into the SDLC and automate security controls wherever possible.

Youre someone who loves understanding how things work finding security gaps and building practical solutions to fix them. You enjoy learning new technologies collaborating with engineers and contributing to a culture where secure development is part of how we build.

What Youll Do

Partner with development teams to embed security in the SDLC through design reviews threat modeling and secure coding practices.
Perform secure code reviews static and dynamic analysis and dependency scanning to identify and fix vulnerabilities early.
Support the implementation and automation of SAST DAST SCA and container scanning tools within CI/CD pipelines.
Collaborate with engineering teams to remediate vulnerabilities and improve code security.
Participate in application and API penetration testing activities and coordinate fixes with developers.
Contribute to and maintain secure coding guidelines checklists and playbooks.
Assist in the development of security automation scripts and integrations (Python or similar).
Work with senior engineers to improve AppSec tooling reporting and developer experience.
Help raise security awareness through developer training and security reviews.
Stay current with emerging vulnerabilities threats and mitigation techniques relevant to web and cloud-native applications.

What Youll Need

4 years of experience in application or product security software development or security engineering.
Solid understanding of web application API and microservices security.
Experience with SAST DAST SCA and related tools (e.g. Veracode Checkmarx Snyk Burp Suite OWASP ZAP).
Familiarity with CI/CD pipelines and integrating security scans into build workflows.
Working knowledge of secure coding practices and common vulnerabilities (OWASP Top 10 CWE CAPEC).
Experience with Python Go Java or JavaScript/TypeScript for automation or code analysis.
Understanding of authentication/authorization mechanisms (OAuth2 OIDC JWT).
Strong analytical problem-solving and communication skills.
Willingness to learn experiment and collaborate across teams.

Nice to Have (Preferred Qualifications)

Hands-on experience with cloud-native application security (containers serverless Kubernetes).
Exposure to DevSecOps concepts and security automation frameworks.
Experience with bug bounty programs or internal security testing.
Certifications such as OSCP OSWE GWAPT CSSLP or GIAC AppSec certifications.

WHATS IN IT FOR YOU

At Zinnia you collaborate with smart creative professionals who are dedicated to delivering cutting-edge technologies deeper data insights and enhanced services to transform how insurance is done. Visit our website at for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race religion color national origin gender sexual orientation age marital status veteran status or disability

#LI-SC1

Required Experience:

WHO WE ARE: Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights Zinnia simplifies the experience of buying selling and administering insurance products. All of which enables more people to protect their financia...

WHO WE ARE:

Who You Are

What Youll Do

Partner with development teams to embed security in the SDLC through design reviews threat modeling and secure coding practices.
Perform secure code reviews static and dynamic analysis and dependency scanning to identify and fix vulnerabilities early.
Support the implementation and automation of SAST DAST SCA and container scanning tools within CI/CD pipelines.
Collaborate with engineering teams to remediate vulnerabilities and improve code security.
Participate in application and API penetration testing activities and coordinate fixes with developers.
Contribute to and maintain secure coding guidelines checklists and playbooks.
Assist in the development of security automation scripts and integrations (Python or similar).
Work with senior engineers to improve AppSec tooling reporting and developer experience.
Help raise security awareness through developer training and security reviews.
Stay current with emerging vulnerabilities threats and mitigation techniques relevant to web and cloud-native applications.

What Youll Need

4 years of experience in application or product security software development or security engineering.
Solid understanding of web application API and microservices security.
Experience with SAST DAST SCA and related tools (e.g. Veracode Checkmarx Snyk Burp Suite OWASP ZAP).
Familiarity with CI/CD pipelines and integrating security scans into build workflows.
Working knowledge of secure coding practices and common vulnerabilities (OWASP Top 10 CWE CAPEC).
Experience with Python Go Java or JavaScript/TypeScript for automation or code analysis.
Understanding of authentication/authorization mechanisms (OAuth2 OIDC JWT).
Strong analytical problem-solving and communication skills.
Willingness to learn experiment and collaborate across teams.

Nice to Have (Preferred Qualifications)

Hands-on experience with cloud-native application security (containers serverless Kubernetes).
Exposure to DevSecOps concepts and security automation frameworks.
Experience with bug bounty programs or internal security testing.
Certifications such as OSCP OSWE GWAPT CSSLP or GIAC AppSec certifications.

WHATS IN IT FOR YOU

#LI-SC1

Required Experience:

Key Skills

APQP
Six Sigma
GD&T
Root cause Analysis
CAD
Project Leadership
SolidWorks
Mechanical Engineering
Quality Management
Product Development
Catia
Manufacturing

Apply Now

About Company

Zinnia

Zinnia offers comprehensive technology solutions for insurance carriers and distributors across the full lifecycle of insurance policy administration.

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click