Senior Staff Engineer - Vulnerability Management Engineering (REMOTE)

GEICO is seeking a visionary Senior Staff Engineer to provide strategic direction to Vulnerability Management Engineering initiatives. The ideal candidate has a proven track record of design, development, and implementation of scalable security solutions in hybrid environments using commercial and open-source products. This role will be responsible for leading enterprise initiatives and collaboration with cross-functional teams as well as designing and implementing secure and scalable solutions.

As a Senior Staff Engineer, you’re not just a technical expert—you’re a mentor, strategic thinker, and problem solver who thrives in a fast-paced, constantly evolving environment. You will turn complex security challenges into elegant, practical solutions while fostering collaboration across teams and stakeholders. You are well-versed with Vulnerability Management Lifecycle - asset discovery, internal/external scans, contextualization and risk-based assessment, triaging of CVEs,  detection authoring,  security data pipeline, reporting, and remediation.

Our Senior Staff Engineer is a senior level position that reports to the Senior Director and works closely with infrastructure, development, product, and other organizations across GEICO to integrate security into the ecosystem from design through deployment to sustainable operations. The Senior Staff Engineer is a subject matter expert in defining security requirements, designing secure infrastructure architectures, performing infrastructure and service security assessments, implementing scalable security systems while raising the bar on engineering excellence.

​​​As a Senior Staff Engineer, you will: 

• Provide technical thought leadership for cybersecurity program strategy, integration decisions, analyzing design constraints and trade-offs in system and security design, and ensuring integrity of GEICO mission objectives, while protecting GEICO assets from cyber threats and vulnerabilities.
• Serve as a technical advisor and consultant to GEICO Cybersecurity leadership on the implementation of Cybersecurity policies and standards.
• Develop, integrate, and maintain multilevel cybersecurity designs, architectures, policies, and procedures
• Help develop and implement policies, standards, and guidelines to ensure compliance with industry regulations and frameworks, promoting security as an integral part of our operation by partnering with external teams and their leadership.
• Lead building the capability to describe our security objectives in the language of business outcomes – telling the story of how we will get there
• Provide secure design guidance and recommendations to developers, infrastructure, cybersecurity, and engineers
• Deliver automation initiatives, conduct advanced research, and develop proofs of concept to enhance our security capabilities and improve overall efficiency.
• Influence and educate staff at all levels to bring an engineering first approach to develop sustainable security systems.
• Mentor peers and team members in security technologies, enterprise solution design, deployment, and effective customer interaction
• Provide motivating demonstrations and communications to show the value of our security measures to the business, highlighting the low impact on systems, improved operability and resiliency.

Qualifications

• Extensive experience in software engineering in security domain
• Experience communicating and presenting to senior and junior staff with the ability to influence stakeholders.
• Experience in a multi-platform environment with Linux, Mac, Windows.
• ​Experience with solving security control requirements with engineering approaches.
• ​Ability to excel in a fast-paced, startup-like environment.
• Ability to design, implement, deploy, and operate systems to solve complex security problems.
• Strong knowledge of industry-standard security tools, frameworks, and best practices including MITRE, CIS and NIST.
• Demonstratable proficiency in at least one software programming language and common scripting languages with examples of automation at scale.
• Experience working with auditors and demonstrating security controls.

Experience

• 7+ years of non-internship professional software engineering experience
• 4+ years of engineering experience in security domain
• 4+ years of experience with AWS, GCP, Azure, or other cloud providers
• 3+ years of experience building and implementing vulnerability management and secure by default systems
• Senior role influencing company direction on security
• Experience applying security controls to exceed third party attestation requirements (PCI, SOC, …).
• A professional security certifications (e.g., CISSP, CCSP, CSSLP) is a plus.

Education

• Bachelor’s degree in Computer Science, Cyber Security, or equivalent education with work experience

Annual Salary

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

Benefits:

As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:

• Premier Medical, Dental and Vision Insurance with no waiting period**
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Assistance
• Paid Training and Licensures

*Benefits may be different by location.  Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.