Senior Product Security Engineer

WHO WE ARE:

Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights, Zinnia simplifies the experience of buying, selling, and administering insurance products. All of which enables more people to protect their financial futures. Our success is driven by a commitment to three core values: be bold, team up, deliver value – and that we do. Zinnia has over $180 billion in assets under administration, serves 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders.

Who You Are

As a Senior Security Engineer focusing on Product and Application Security, you will play a key role in ensuring the security of Zinnia's products and customer-facing applications. You will work closely with product engineering teams to integrate security into every phase of the software development lifecycle (SDLC), design secure architectures, and build scalable solutions that prevent and detect vulnerabilities.

You thrive at the intersection of engineering and security—comfortable diving into code reviews, designing security controls, building automation, and mentoring developers on secure coding practices. You are passionate about shifting security left, driving adoption of secure design principles, and building a program that enables developers to deliver secure products quickly and confidently. 

What You'll Do

• Partner with product engineering teams to embed security in the SDLC through threat modelling, design reviews, and secure architecture guidance.
•  Perform secure code reviews, static/dynamic analysis, and dependency scanning, ensuring vulnerabilities are identified and remediated early.
•  Build and maintain security automation and guardrails (CI/CD integrations, pipelines, and developer tools) to scale AppSec across teams.
•  Lead and evolve the threat modelling program, aligning security requirements with product architecture and risk profiles.
  • Collaborate with engineering teams to remediate vulnerabilities and implement secure coding practices.
• Enhance the usage of SAST, DAST, SCA, and container scanning tools, and build custom automation where needed. 
• Conduct penetration testing of applications and APIs and track findings through remediation.
• Contribute to and maintain secure coding standards, playbooks, and training for developers.
• Stay ahead of emerging application security threats, libraries, and frameworks, and proactively recommend improvements.
• Mentor engineers and contribute to the growth of the Product Security program.

What You'll Need 

•  7+ years of experience in application/product security, software engineering, or related security engineering roles.
• Strong background in web application, API, and microservices security. 
• Solid knowledge of secure coding practices (Java, Python, Go, JavaScript/TypeScript preferred). 
• Hands-on experience with SAST, DAST, SCA, and container scanning tools (e.g., Semgrep, Checkmarx, Snyk, Burp Suite, OWASP ZAP).
• Experience with CI/CD security automation and integrating security into pipelines.
• Strong knowledge of OWASP Top 10, CWE, CAPEC, threat modelling, and secure design principles.
• Familiarity with identity, authentication, and authorization protocols (OAuth2, OIDC, SAML, JWT).
• Experience conducting manual and automated penetration testing of applications and APIs.
• Strong written and verbal communication skills, with the ability to influence developers and non-security stakeholders.
• A passion for mentoring and building developer-first security culture. Nice to Have (Preferred Qualifications)
• Knowledge of cloud-native application security (Kubernetes, serverless, containers).
• Certifications such as OSWE, OSCP, GWAPT, CSSLP, or GIAC AppSec certs.
  • Experience with bug bounty programs or contributing to open-source security projects

WHAT'S IN IT FOR YOU?

At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability

#LI-SC1