Security Test Engineer

Security Test Engineer

As a Security Test Engineer at Zurich Capability Center, you will be responsible for ensuring that our Security Testing deliverables meet the highest quality security standards. You will focus on providing penetration testing and application security toolset administration support for the Security Testing BTS Team. You will work closely with the Test Service Manager and Test Manager, playing a pivotal role in technical discussions, manual penetration testing deliverables, and assessing team requirements in terms of equipment and tools. Additionally, you will act as the main point of contact for technical issues, ensuring global support for Zurich IT projects, enabling them to perform penetration testing, SAST, DAST, and IAST toolset management.

Key Responsibilities:

- Subject Matter Expertise (SME):Act as a subject matter expert, supporting the Security Test Engineering team on all technical-related activities.

- Penetration Testing: Conduct and support authorized penetration testing on enterprise network assets to identify vulnerabilities and potential threats.

- Report Review and Recommendations: Review reports and provide recommendations on security findings, including risk levels and suggested actions for mitigation.

- Lead Finding Agreements: Lead finding agreement sessions with internal clients and propose solutions to identified vulnerabilities.

- Collaboration: Collaborate with both internal and external teams to address access and operational issues related to security testing.

- Exploitation Strategies: Create detailed exploitation strategies that identify exploitable technical or operational vulnerabilities in systems.

- Toolset Management: Support the administration and management of application security tools, such as SAST, DAST, and IAST.

- Technical Documentation: Oversee the thorough documentation of implementations, including technical documentation and run books for future reference.

- Automation Expertise: Lead internal and external teams in the application of systems automation platforms and technologies, ensuring operational efficiency.

- Risk Communication: Interpret security and technical requirements into clear business language and communicate security risks to stakeholders, from business leaders to engineers.

- Security Controls Automation: Automate security controls, data handling, and processes to enhance metrics and operational support.

- Continuous Learning: Stay up-to-date on emerging security threats, vulnerabilities, and controls to apply the latest industry best practices to your work.

- Innovation and Best Practices: Identify and implement new security technologies and best practices to strengthen the overall security posture.

Key Qualifications:

- Fluent in English (both written and spoken) is  mandatory, as the role involves regular communication with global teams and stakeholders in English.

- Strong experience in penetration testing, vulnerability assessment, and security testing in a corporate environment.

- Proficiency in managing security tools like SAST, DAST, and IAST, as well as experience with penetration testing tools and techniques.

- Strong analytical and problem-solving skills with a deep understanding of security frameworks and methodologies.

- Ability to effectively collaborate with cross-functional teams and stakeholders, both technical and non-technical.

- Skilled in creating detailed technical documentation, including reports, recommendations, and run books.

Experience with automation of security processes and tools, as well as familiarity with security automation platforms.

- Bachelor’s degree or equivalent in Computer Science, Information Security, or a related field (or equivalent practical experience).

- CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar security certifications.

Personal Attributes:

- Proactive and self-motivated, with a keen interest in emerging security trends.

- Strong communication skills, capable of presenting complex security issues to non-technical stakeholders.

- Detail-oriented, with a focus on high-quality deliverables.

Who we are 

Looking for a challenging and inspiring work environment where you can make a difference? At Zurich millions of individuals and businesses place their trust in our products and services every day. Our 53,000 employees worldwide form the basis of our success, enabling, businesses and communities to face a world of risk with confidence. Imagine if you could help people do this all over the world. You’d give them confidence and reassurance by protecting what they love most. It’s a big challenge, but you will be supported by a world-class team who believe in helping you to reach your full potential and deliver on our promises. 

So be challenged. Be inspired. Help us make a difference. 

At Zurich we are an equal opportunity employer. We attract and retain the best qualified individuals available, without regard to race/ethnicity, religion, gender, sexual orientation, age, or disability