SDET-1 (Security)

Zinier is the leader in intelligent field service automation, helping organizations work smarter. Zinier boasts a customizable, workflow-based platform to help schedule and manage workforce, assets and customers, powered by Generative AI. We are a global team headquartered in Silicon Valley with leading investors including Accel, ICONIQ Capital, Founders Fund, Newfund, Nokia-backed NGP Capital, Tiger Global Management and Qualcomm Ventures LLC. We are looking for a visionary Director of Engineering to lead our engineering team, drive technical excellence, and ensure the successful delivery of our product roadmap. This role will be instrumental in shaping our technical strategy and scaling our engineering practices as we continue to expand.

Job Overview:

We are seeking a highly skilled and experienced Sr. Security Analyst to join our dynamic team. In this role, you will be responsible for performing comprehensive functional security testing for web, backend, and mobile applications. The ideal candidate will have 2-5 years of hands-on experience in the security field and a deep understanding of modern security tools, including Snyk, Sonarqube, Qualys, ZAP and other industry-standard tools for vulnerability assessment, remediation, and monitoring.

Requirements and Responsibilities:

• Conduct functional security testing on web, backend, and mobile applications to identify potential vulnerabilities and security weaknesses.
• Conduct Infra related security audits, review infrastructure setup for security design principles to enforce. Need someone with a strong foundation in cloud security.
• Integrate security testing into DevSecOps pipeline to ensure SLDC processes follow guidelines to reduce the risks for vulnerabilities on the application.
• Functional security testing of all applications we support, code review, and software composition analysis (SCA).
• Use industry-leading security tools such as Snyk, Sonarqube, Burpsuite, ZAP and Qualys and others to perform static and dynamic analysis of applications.
• Experience in Threat Modeling & Design Reviews of the application we support. Hands-on experience in performing threat modeling, and risk assessments to identify high-risk vulnerabilities and provide remediation recommendations.
• Experience to audit and conduct on Security engineering design reviews (ERDs), and overall security design assessments.
• Perform threat modeling Collaborate with development teams to provide security expertise during the SDLC (Software Development Life Cycle), ensuring security best practices are incorporated from the start.
• Conduct vulnerability scanning, penetration testing, and code reviews to identify security gaps in applications.
• Analyze findings from security tools and provide actionable insights for developers to resolve security issues.
• Participate in creating security policies and procedures, as well as conducting security awareness training for teams.
• Experience in working with having Security and Compliance
• Stay up-to-date with the latest security trends, vulnerabilities, and best practices in the web, backend, and mobile application security domains.
• Work closely with other IT security teams to ensure comprehensive security coverage across the organization.
• Knowledge of other relevant security testing tools (e.g., OWASP ZAP, Burp Suite, Checkmarx, Fortify, etc.).
• Familiarity with various programming languages (e.g., Java, Python, JavaScript, etc.) and development frameworks.
• Experience with automated security testing and CI/CD security integrations.
• Solid understanding of common web and mobile application vulnerabilities, including OWASP Top 10, and how to mitigate them.

• Certifications (Preferred but not required):
  • CEH (Certified Ethical Hacker)
  • CISSP (Certified Information Systems Security Professional)
  • OSCP (Offensive Security Certified Professional)
  • SANS GWAPT (GIAC Web Application Penetration Tester)
• Soft Skills:
  • Strong analytical and problem-solving skills.
  • Excellent communication and collaboration skills.
  • Ability to work independently and manage multiple projects in a fast-paced environment.

Preferred Qualifications:

• Hands-on experience with penetration testing, code review, and vulnerability management.
• Experience in securing APIs, cloud environments (AWS), and microservices architecture.
• Knowledge of secure development practices and coding standards.
• Familiarity with regulatory frameworks and compliance requirements (e.g., SOC2, ISO GDPR, PCI-DSS, HIPAA).