Senior Product Security Engineer

Who We Are

Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights, Zinnia simplifies the experience of buying, selling, and administering insurance products. All of which enables more people to protect their financial futures. Our success is driven by a commitment to three core values : be bold, team up, deliver value – and that we do. Zinnia has over $180 billion in assets under administration, serves 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders.

Who You Are

As a Senior Security Engineer focusing on Product and Application Security, you will play a key role in ensuring the security of Zinnia's products and customer-facing applications. You will work closely with product engineering teams to integrate security into every phase of the software development lifecycle (SDLC), design secure architectures, and build scalable solutions that prevent and detect vulnerabilities.

You thrive at the intersection of engineering and security—comfortable diving into code reviews, designing security controls, building automation, and mentoring developers on secure coding practices. You are passionate about shifting security left, driving adoption of secure design principles, and building a program that enables developers to deliver secure products quickly and confidently.

What You'll Do

• Partner with product engineering teams to embed security in the SDLC through threat modelling, design reviews, and secure architecture guidance.
• Perform secure code reviews, static / dynamic analysis, and dependency scanning, ensuring vulnerabilities are identified and remediated early.
• Build and maintain security automation and guardrails (CI / CD integrations, pipelines, and developer tools) to scale AppSec across teams.
• Lead and evolve the threat modelling program, aligning security requirements with product architecture and risk profiles.
• Collaborate with engineering teams to remediate vulnerabilities and implement secure coding practices.
• Enhance the usage of SAST, DAST, SCA, and container scanning tools, and build custom automation where needed.
• Conduct penetration testing of applications and APIs and track findings through remediation.
• Contribute to and maintain secure coding standards, playbooks, and training for developers.
• Stay ahead of emerging application security threats, libraries, and frameworks, and proactively recommend improvements.
• Mentor engineers and contribute to the growth of the Product Security program.

What You'll Need

WHAT'S IN IT FOR YOU

At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability

Skills Required

DAST, Saml, Go, Typescript, Javascript, product security , Application Security, SAST, Python, Java, Oauth2, Jwt, Penetration Testing, SCA, Burp Suite, Owasp Top 10, Checkmarx