WHO WE ARE
Building on its rich heritage, Zinnia is transforming the way life and annuity products are created, sold, and administered – from lead to origination to claims – through Zinnia Open Insurance. We’re addressing the new realities of the marketplace, and we understand what consumers want and deserve: a great experience from the moment they consider these products until their policies pay out.
Zinnia Open Insurance is advanced data-driven technology that accelerates innovation, enables unrivaled speed-to-market, deepens relationships with policyholders, and empowers better risk-based outcomes. Open transforms the end-to-end experience to make everything faster, more transparent, and more collaborative for consumers, carriers, and advisors. Zinnia is a new tech company, but we’re not new to insurance. We’re L&A experts and technology innovators building Open Insurance to power exceptional experiences that evolve ahead of the marketplace. We’re Zinnia. And we’re Open. Join us, and experience Life, More Open.WHO YOU ARE
As a Senior Product Security Engineer, you will leverage your development, security and architecture experience to work alongside product and engineering to design secure software solutions, mitigate risks and enable security controls to protect assets. You will be responsible for analyzing systems, identifying security vulnerabilities, advocating for security across engineering teams and leadership, and influencing product design and architecture. You’ll build partnerships with our Software Engineering and Product teams to ensure Zinnia is doing all we can to protect the company’s and our customers’ data.
As a trusted advisor, you will partner with business, engineering and product stakeholders and enable them. You will be able to coach, mentor, educate, advise on software design and architecture, implement/configure/monitor security tools, and help drive an appreciation for security. If you like to automate and shift security left, manage risk, and further enable business, then this role is for you.
WHAT YOU’LL DO
●Collaborate and build relationships with the product and engineering teams
●Identify risks across all applications, and assist to mitigate these risks
●Assist in the development of a scalable threat modeling program (and conduct them as well!) for our applications, including the training of engineering teams to do the same.
●Review source code for potential security vulnerabilities and provide remediation guidance to engineers
●Develop, deploy and maintain various code and application security tools (such as SAST/DAST etc.) and their SOPs
●Develop, evaluate, and respond to alerts and events from the security tools
●Adopt automation to shift security to the left and make it scalable
●Triage, escalate, and offer remediation for the vulnerabilities found after risk assessment
●Be able to assist in occasional (but not normally expected) after hours security investigations when needed
●Be a humble mentor for our talented team members
WHAT YOU’LL NEED:
●9+ years of experience in an application security engineering or other similar role
●Extensive hands-on experience in performing manual and tool-assisted code reviews
●Extensive hands-on experience in integrating secure development practices into SDLC
●Extensive hands-on experience in integrating security tools in CI/CD pipelines
●Experience in Typescript, Python, Go or another programming language
●Experience in the development of security products or DevSecOps infrastructure
●Demonstrable knowledge of OWASP Top 10 and attack vectors
●Foundational understanding of container security and orchestration (Kubernetes, Docker)
●Familiarity with deployment automation tools such as Terraform, Helm, Atlantis, and BuildKite
●Familiarity with threat modeling
●Strong written and verbal communication skills
●Desire to build an application security program and coach junior engineers
WHAT’S IN IT FOR YOU?
●A competitive compensation plan
●Hybrid work from home and office model
●A flexible time off policy which includes unlimited wellness days, personal days and vacation time;
●Two volunteer days;
●A day off on your Birthday;
●A company paid top-tier health benefits plan and a telemedicine service;
●The opportunity to work with a fantastic team with a great culture;
●The opportunity to be part of an innovative and exciting company that is completely changing an outdated industry;
●The opportunity to grow professionally in a dynamic and fun environment; the online application on the careers section of our website.
#LI-SC1