Swiss Re
Senior Security Engineer - Vulnerability Management (Hybrid set up))
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Swiss Re
Swiss Re Ltd is a leading Swiss multinational reinsurance company, founded in 1863 and headquartered in Zürich, Switzerland. It is recognized as one of the largest reinsurers globally, employing around 14,000 to 15,000 people across approximately 70 to 80 offices in 29 countries. The company is listed on the SIX Swiss Exchange and ranks among the top companies on the Forbes Global 2000 and Fortune Global 500. Swiss Re operates through three main business units: Property & Casualty Reinsurance, Life & Health Reinsurance, and Corporate Solutions. These units provide specialized reinsurance and risk transfer solutions, leveraging underwriting expertise and data analysis. The company focuses on a wide range of risks, including natural catastrophes, economic crises, and emerging threats like climate change and cybercrime. Swiss Re is committed to sustainability and has a strong financial position, emphasizing client centricity, agility, and integrity in its operations.
Security at Swiss Re
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Swiss Re describes its security programme as threat-based and focused on confidentiality, integrity, and availability.
- They perform vulnerability scans and penetration tests regularly and conduct annual risk assessments of cybersecurity resilience.
- Philipp Krayenbuehl, a former CSO, stated an ambition to lead the industry in security.
- Swiss Re uses a governance gate prior to roll-out, where they advise and control what is going on.
- Job postings indicate a goal to improve security through standardization while maintaining excellent developer experience.
- Goals also include enhancing cyber defence by integrating vulnerability information from different sources and deploying, configuring, and maintaining vulnerability scanning tools in CI/CD pipelines.
Security Team
Swiss Re's CSO organisation is the central body for security activities and reports into Group management. Simon Jenner is identified as the Group Chief Information Security Officer. Philipp Krayenbuehl was a CSO who stated an ambition to be a security leader. The team size estimate is not publicly available. As of, there are approximately 6 active AppSec job postings, including roles like Senior Security Engineer - Applications IAM, Senior Security Engineer - Vulnerability Management, Penetration Tester II, DevSecOps Engineer, Cloud Security Engineer, and Principal Engineer. Common skill and tool patterns from job postings include experience managing SAST tools like Nexus IQ and SonarQube, DAST tools such as Invicti, and knowledge of secret vault technologies.
Key Initiatives
Information regarding a Security Champions Program is not publicly available. For 'Shift Left' practices, no direct public verbatim quote describing pre-commit or IDE-integrated controls was found, but job postings reference deploying, configuring, and maintaining vulnerability scanning tools in CI/CD pipelines. The vulnerability management process involves frequent vulnerability scans and penetration tests, but no public SLA/MTTR numbers or definitive ticketing workflow quotes were found. Secure SDLC artifacts include a governance gate prior to roll-out where security advises and controls what is going on. A recent initiative (within the last 6 months) involves the implementation of OPSWAT MetaDefender ICAP Server on Azure Container Instances, as documented in a case study.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.