Security Engineer III - Product

Who You Are

As a Product Security Engineer, you’ll help ensure Zinnia’s products and applications are designed, built, and deployed securely. You’ll work closely with developers, DevOps, and senior security engineers to identify vulnerabilities early, build security into the SDLC, and automate security controls wherever possible.

You’re someone who loves understanding how things work, finding security gaps, and building practical solutions to fix them. You enjoy learning new technologies, collaborating with engineers, and contributing to a culture where secure development is part of how we build.

What You’ll Do

• Partner with development teams to embed security in the SDLC through design reviews, threat modeling, and secure coding practices.
• Perform secure code reviews, static and dynamic analysis, and dependency scanning to identify and fix vulnerabilities early.
• Support the implementation and automation of SAST, DAST, SCA, and container scanning tools within CI/CD pipelines.
• Collaborate with engineering teams to remediate vulnerabilities and improve code security.
• Participate in application and API penetration testing activities and coordinate fixes with developers.
• Contribute to and maintain secure coding guidelines, checklists, and playbooks.
• Assist in the development of security automation scripts and integrations (Python or similar).
• Work with senior engineers to improve AppSec tooling, reporting, and developer experience.
• Help raise security awareness through developer training and security reviews.
• Stay current with emerging vulnerabilities, threats, and mitigation techniques relevant to web and cloud-native applications.

What You’ll Need

•  4+ years of experience in application or product security, software development, or security engineering.
• Solid understanding of web application, API, and microservices security.
• Experience with SAST, DAST, SCA, and related tools (e.g., Veracode, Checkmarx, Snyk, Burp Suite, OWASP ZAP).
• Familiarity with CI/CD pipelines and integrating security scans into build workflows.
• Working knowledge of secure coding practices and common vulnerabilities (OWASP Top 10, CWE, CAPEC).
• Experience with Python, Go, Java, or JavaScript/TypeScript for automation or code analysis.
• Understanding of authentication/authorization mechanisms (OAuth2, OIDC, JWT).
• Strong analytical, problem-solving, and communication skills.
• Willingness to learn, experiment, and collaborate across teams.

Nice to Have (Preferred Qualifications)

• Hands-on experience with cloud-native application security (containers, serverless, Kubernetes).
• Exposure to DevSecOps concepts and security automation frameworks.
• Experience with bug bounty programs or internal security testing.
• Certifications such as OSCP, OSWE, GWAPT, CSSLP, or GIAC AppSec certifications.

WHAT’S IN IT FOR YOU?

At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability

#LI-SC1