Sr. Security Engineer I

Who You Are

As a Senior Security Engineer, you are a technical subject matter expert responsible for independently driving the design, execution, and continuous improvement of Zinnia’s security controls across enterprise infrastructure, endpoints, and identity platforms. You bring deep hands-on expertise, strong architectural judgment, and the ability to translate security strategy into scalable, durable engineering solutions.You thrive in ambiguous environments, take full ownership of security initiatives end-to-end, and are trusted to lead complex projects without oversight. You partner closely with IT, Engineering, and Platform teams to embed security into system design, reduce operational risk, and mature Zinnia’s overall security posture. You also act as a mentor and technical reference point for other security engineers.

What You’ll Do

• Independently lead and execute complex security initiatives, from design through implementation and long-term optimization, across infrastructure, endpoint, and identity domains.
• Own and evolve security architecture standards, maintaining authoritative diagrams and documentation for infrastructure, on-prem, and hybrid environments.
• Serve as a technical authority for security tooling – reviewing configurations, driving advanced feature adoption, and ensuring tools are aligned with threat models and business risk.
• Lead the enterprise vulnerability management program, defining strategy, prioritization frameworks, and remediation workflows across Windows, macOS, Linux, and infrastructure and network platforms.
• Design and enforce identity security architecture, including least privilege models, conditional access policies, service account governance, and identity lifecycle controls.
• Establish and maintain authoritative asset inventory and telemetry pipelines, ensuring complete, accurate visibility for detection, response, and compliance.
• Build and maintain advanced automation (Python, PowerShell, Bash) to enforce controls, reduce manual effort, and integrate security tooling with infrastructure workflows.
• Architect and implement segmentation and isolation strategies across endpoints, workloads, and network layers to limit blast radius and lateral movement.
• Perform deep security posture and architectural assessments, identifying systemic weaknesses and driving long-term remediation plans.
• Own endpoint security, DLP, and data protection strategies, ensuring strong controls for data handling, device health, and insider risk reduction.
• Define and optimize security logging and telemetry standards, ensuring high-fidelity data ingestion into centralized monitoring and detection platforms in collaboration with Security Operations team.
• Serve as an escalation point and subject-matter expert for Security Operations during security incidents, providing architectural guidance, deep technical analysis, and driving post-incident control improvements.
• Participate in Security Engineering on call as needed.

What You'll Need 

• 7+ years of experience in security engineering, infrastructure security, or enterprise security architecture roles.
• Advanced expertise in network security, including firewalls, VPNs, proxies, zero trust concepts, and secure wireless architectures.
• Deep, hands-on experience securing Windows, macOS, and Linux at scale in enterprise environments.
• Strong background in Identity and Access Management (IAM), including modern identity providers, conditional access, and privileged access models.
• Proven experience leading vulnerability management programs and driving remediation across large, distributed environments.
• Expert-level scripting and automation skills using Python, PowerShell, or Bash.
• Extensive hands-on experience with EDR and vulnerability management platforms such as CrowdStrike, Tenable, or equivalent tools.
• Deep expertise in AWS cloud security architecture, including multi-account strategy, IAM and permission boundary design, network segmentation (VPCs, security groups, NACLs), cloud-native threat detection, logging, and guardrail enforcement using AWS-native and third-party controls
• Ability to own projects independently, make architectural decisions, and drive execution with minimal direction.
• Strong communication skills with the ability to influence engineering teams and translate security requirements into scalable solutions.

 Nice to Have

• Deep hands-on experience with CrowdStrike Falcon, including policy design, prevention tuning, and advanced detection capabilities.
• Strong working knowledge of security frameworks such as NIST CSF, CIS Benchmarks, ISO 27001, and their practical application in enterprise environments.
• Experience with Device Posture Management (DPM) and large-scale endpoint health monitoring.

 

WHAT’S IN IT FOR YOU?

At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability.

#LI-SN1