Distinguished Engineer - Application Security

GEICO is seeking an Application Security Distinguished Engineer to provide strategic and technical direction for the application security domain for GEICO You will proactively and holistically own, lead, and support Application Security activities that guide the design, development, security of code, and code repositories for cloud-hosted and open-source applications for the company. Solutions include CICD integrations, Secure Design, SAST, DAST, MAST, IAC, SCA, IAST, secure cloud platform engineering, and automated threat modeling.

Position Description:

Our Application Security Distinguished Engineer is a senior level position that reports to the Sr Director of Application Security and works closely with other Distinguished Engineers and Senior Leadership across development teams, product teams, and other security organizations across the company to integrate security into the product lifecycle. The Application Security Distinguished Engineer is an industry leader in defining security requirements, defining secure application design, performing application security assessments, threat modeling, and providing developers with remediation guidance, training, and solutions. On any given day, the Application Security Distinguished Engineer can be pulled in to define strategy and technical roadmap for a new system or service, define and solution for security patterns and anti-patterns, and/or provide reference solutions for application security/coding best practices.

Position Responsibilities

As a Distinguished Engineer, you will:

• Work independently with executives, senior leadership, developers, system/network engineers, product owners, and other distinguished engineers to ensure secure design, development, and implementation of applications and services.

• Define strategic roadmaps for secure architecture patterns and anti-patterns with quantitative approaches.

• Define security best practices and standards and partner with Product Development teams and their leadership to implement them.

• Be accountable for Application Security technical strategy and roadmaps.

• Serve as a technical advisor and consultant to colleagues and GEICO leadership on the implementation of the Cybersecurity application security policy and standards.

• Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design, and ensuring integrity of GEICO mission objectives, while protecting GEICO assets from cyber threats and vulnerabilities.

• Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.

Qualifications: 

• Direct experience working with senior leadership development teams, and architects to define secure solutions

• Experience breaking down complex systems and applications to find flaws with analysis and threat modeling

• Expert familiarity with common vulnerabilities and attack vectors

• Extensive experience with web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs

• Knowledge of and experience with ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)

• Solid understanding of secure network, system, and service design in cloud (Azure, AWS etc.) and conventional environments

• Deep experience with applied use of OWASP Top 10, NIST SP800 Series, NIST CSF, FIPS 140-2, ISO 27001, PCI-DSS, etc.

• Expert understanding and knowledge of application development life cycle methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps/ SecDevOps)

• Experience with diverse security technologies, platforms, and processing environments

• Strong command of strategic and emerging security/ cloud technology trends, and the practical application of existing and emerging technologies to new and evolving business and operating models.

• Expert understanding of product management, agile principles and development methodologies and capability of supporting agile teams by providing advice and guidance on opportunities, impact, and risks, taking account of technical and architectural debt

• Experience collaborating and partnering closely with senior executives on strategic initiatives

• An extensive background integrating security testing into the SDLC

• Experience providing security training to developers

• Ability to find security defects within programming languages such as Go, Java, Python, Object C

• Demonstrated expertise using DAST and SAST tools and services and implementing effective remediation roadmaps.

• One or more of the following Cybersecurity certifications are highly desired: Security+, Certified Information System Security Professional (CISSP) or Certified Information Security Manager (CISM)

Experience:

• 10+ years planning and designing application security, cloud security, systems security, or platform security

• 8+ years of experience in at least two security solution design and development disciplines, including technical or security infrastructure architecture, cloud security, network security management, secure application development or secure cloud development.

• 6+ years of experience in open-source security 

• 4+ years of experience with AWS, GCP, Azure, or other cloud providers

• 3+ years of people management experience

Education

• Bachelor’s degree in computer science, Information Systems, Cybersecurity, or equivalent education or work experience

Annual Salary

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

Benefits:

As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:

• Premier Medical, Dental and Vision Insurance with no waiting period**
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Reimbursement
• Paid Training and Licensures

*Benefits may be different by location.  Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.