Senior Security Test Analyst - PenTesting [T500-26192]
Talent500
Job Description
Talent500 is hiring for one of its clients.
Who are we:
Core Insurance Platforms (CIP) is Zurich’s global capability responsible for building, running, and evolving core insurance technology. We set a unified, scalable operating model—covering governance, standards, architecture, service delivery, and reuse—so our business units can deliver at speed and scale.
CIP is the strategic steward of Zurich’s Guidewire ecosystem, aligning platform roadmaps to business strategy while driving stability, modernization, reduced supplier dependency, and long term cost efficiency.
The India delivery center is one of our global delivery and capability hubs. We bring together experts in AI, engineering, analysis, quality, and architecture to deliver product & process solutions, application run services, change and transformation initiatives, and centralized platform services across both on prem and Guidewire Cloud environments. Our teams operate from multiple global delivery centers, supporting Zurich’s business units worldwide.
We support Zurich projects and programs strengthening Quality and Zurich standards through:
- Full Testing Services provided by empowered Zurich Staff and partners with accountability in delivery & services of Quality Assurance
- Provide Quality and Testing services to Zurich business units and Group Functions
As a Security Test Lead, you’ll be part of a mature Group Team that is the main reference for the delivery of Security Testing services worldwide, and you will play a key role in executing and guaranteeing global support to Zurich IT projects as per the Security Standards on Manual Penetration testing, SAST, DAST and IAST, with a specific focus on the requirements from the APAC region's Business Units.
You’ll work with enthusiastic, supportive and passionate cross-cultural team colleagues within an extremely collaborative environment where we all share the same goals and passion to grow professionally, innovate, and add value to the organization.
Role Description:
The Security Test Lead is responsible for ensuring that Security Testing deliverables meet the highest quality Security Standards from the technology perspective, with a focus on providing penetration testing and AppSec toolset administration support for the Security Testing BTS Team.
As part of this role, the Security Test Lead is expected to support the Test Service Manager on anything related to Manual Pen Testing deliverables, assess the team’s technical requirements in terms of equipment and toolset, and be the team’s SPOC in the APAC Region for technical discussions and meetings with unit stakeholders, assuring global support to Zurich IT projects to enable them to perform penetration testing, SAST, DAST and IAST toolset management. The Security Test Lead is also expected to adopt and implement AI techniques to generate efficiencies across the entire AppSec Testing lifecycle.
Responsibilities:
- Be the Go-To Expert: Serve as the SME, providing hands-on support for all technical activities within Security Test Engineering.
- Lead Penetration Testing: Conduct and oversee authorized penetration tests on enterprise network assets, ensuring our systems remain robust against emerging threats.
- Deliver Actionable Insights: Review and enhance test reports, clearly communicating findings, associated risks, and recommendations for remediation.
- Facilitate Vulnerability Management: Lead findings agreement sessions with internal clients, guiding them toward effective solutions for identified vulnerabilities.
- Collaborate for Success: Work closely with internal and external partners to address target access and operational issues, fostering a secure ecosystem.
Roles & Responsibilities - Career Plan – Senior Security Test Engineer:
Responsibilities:
Ensure Secure Development:
- Oversee, and perform when needed, penetration testing for new or updated applications to safeguard our innovation pipeline.
- Supervise the creation of thorough technical documentation and run books, ensuring clarity and consistency in implementation records.
- Automate security controls, data handling, and processes to deliver improved metrics and operational support.
- Identify and implement new security technologies and best practices to further strengthen our organization.
- Bridge Technical and Business Needs: Translate security and technical requirements into actionable business requirements, communicating risks and solutions to diverse stakeholders—from business leaders to engineers.
- Guide internal and external teams in leveraging systems automation platforms and technologies to streamline security operations.
- Stay Ahead of Threats: Continuously monitor and evaluate emerging security threats, vulnerabilities, and controls, ensuring Zurich remains at the forefront of cyber resilience.
- Design Exploitation Strategies: Develop comprehensive strategies that identify and address technical or operational vulnerabilities, strengthening our security posture.
- Main Service’s Point of Contact across APAC region to guarantee efficient Stakeholder Management (new requests, troubleshooting).
Required technical skills:
- Strong familiarity with Linux and Windows operating systems.
- Experience architecting, designing, and programming applications and experience in high level programming languages such as C++, C#, Java, Python, Visual Basic and Vibe Coding (Claude Code, or similar)
- Understanding of complex enterprise environments and current technology areas.
- Certification: One or more of the following certifications: OSCP, OSWE, GPEN, GWAPT and/or GMOB
- Communication skills: In executing their duties, cloud security engineers must communicate with various audiences, including business leaders, engineers, clients, and team members. It is important that they have great verbal communication skills to convey information to the relevant audience. They also require exceptional written communication skills, documentation and reporting.
Candidate Data Privacy Notice:
Applicability of This Notice: This job posting relates to opportunities with Zurich Digital International Private Ltd. (“Zurich”) and is published with the support of ANSR Inc., (“ANSR”) an authorized recruitment service provider engaged by Zurich for its hiring activities.
Participation in the Recruitment Process: When you apply for this role, personal data provided as part of your application (such as your name, email address, contact details, address, financial information, background information, medical history, and details of previous employers/employment) is collected for the purposes of recruitment and selection and may be reviewed by Zurich, and transferred/disclosed to Zurich’s affiliates, subsidiaries, and related entities and ANSR (“Transferees”), solely for recruitment and selection purposes (in accordance with their respective privacy policies).
The Transferees maintain at least the same level of protection for your data as maintained by Zurich, and do not further transfer/disclose/share or publish your data.
For information on how your personal data is processed by ANSR, including your rights and how to contact the relevant data protection office,
You understand and acknowledge:
- You have the option not to provide your data (in which case we may not be able to process your application);
- You have the option to review, correct/amend your data;
- You have the option to withdraw your consent from processing your data;
- Your data is retained until the purpose for its collection is served; and
- Zurich uses reasonable security measures to help protect against the unauthorized access, loss, misuse and alteration of the personal information under our control. However, no method of transmission over the internet, or method of electronic storage, is completely secure.
By submitting your interest in any of our vacancies, you consent to the collection, storage, transfer, disclosure, and processing of your personal information and/or sensitive personal data or information.