GEICO
Senior Staff Engineer, Offensive Security (REMOTE)
GEICO, San Diego, California, United States, 92189
Overview
Senior Staff Engineer, Offensive Security (REMOTE) at GEICO. This role focuses on leading offensive security initiatives, including penetration testing, advanced attack simulations, and enabling the organization to prevent, detect, and respond to cyber threats. You will shape the security posture and collaborate with senior leadership to influence risk decisions and ensure regulatory readiness.
Responsibilities
Strategic and tactical leadership for penetration testing, red teaming, and collaboration with defensive security teams (purple teaming).
Conduct tactical security penetration tests of applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats; provide feedback to increase automated capabilities with the Application Security team.
Design and execute advanced threat emulation scenarios across physical, social, and digital attack vectors.
Ensure penetration testing activities meet security, business, and compliance objectives.
Guide risk assessment, prioritization, reporting, and remediation of vulnerabilities through automation.
Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops.
Ensure operations align with regulations and standards such as NIST, PCI DSS, and NYDFS.
Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies.
Represent Offensive Security in senior leadership and audit discussions as a subject matter expert.
Provide technical leadership for third-party penetration testing programs by setting a high bar and overseeing vendor testing activities.
Required Qualifications
Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit) and custom scripts (Python, PowerShell).
Advanced understanding of OWASP, MITRE ATT&CK framework, SDLC, threat modeling, red/purple teaming, and attack path development.
Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit.
Relevant professional security certifications (e.g., GIAC or equivalent).
Proven experience delivering results through automation and establishing best practices.
Proven track record of meeting regulatory and compliance obligations.
Ability to coach and mentor offensive security engineers across all functions (penetration testing, red teaming, purple teaming).
Preferred Qualifications
OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certifications.
GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus.
Breadth and depth of knowledge in security of operating systems, networking, databases, and middleware; forensics; scripting and programming.
Advanced knowledge of Linux/Mac/Windows, AWS/Azure cloud environments and cloud-native resources (e.g., containers, Kubernetes, microservices, serverless).
Experience with reverse engineering mobile applications, including anti-emulator and obfuscation protections.
Required Experience
10+ years in an engineering-focused role, preferably in tech.
8+ years of experience in offensive security (penetration testing, red teaming, purple teaming).
5+ years hands-on experience performing penetration testing, red teaming, and purple teaming activities.
4+ years of experience with Azure, AWS, GCP, or other cloud providers.
Senior role influencing company direction on security.
Experience applying security controls to meet third-party attestation requirements (PCI, NYDFS, SOX, etc.).
Education Bachelor’s degree in Cybersecurity, Computer Science or a related field.
Annual Salary $120,000.00 - $260,000.00
The above annual salary range is a general guideline. Multiple factors are considered to determine the final offer, including scope and responsibilities of the role, candidate experience, education, location, and market conditions.
At this time, GEICO will not sponsor a new applicant for employment authorization for this position.
The GEICO Pledge Great Company:
At GEICO, we help our customers through life’s twists and turns. Our mission is to protect people when they need it most, and we’re constantly evolving to stay ahead of their needs.
Great Careers:
We offer opportunities to learn, grow, and thrive through development programs, certification assistance, mentorship, and coaching.
Great Culture:
We foster an inclusive culture rooted in integrity, action, and a winning mindset, with a commitment to caring and belonging.
Great Rewards:
We offer compensation and benefits to enhance well-being, mental health, and financial future.
Comprehensive Total Rewards program with personalized coverage for you and your family.
Competitive compensation; 401K with 6% match; performance-based incentives; tuition assistance.
Access to benefits like mental healthcare, fertility and adoption assistance.
Workplace flexibility, including GEICO Flex program (work from anywhere in the US for up to four weeks per year).
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants, regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, disability, or genetic information, in compliance with applicable laws. GEICO hires and promotes individuals solely on qualifications. GEICO reasonably accommodates qualified individuals with disabilities to enable equal opportunity and performance. This applies to all applicants and associates. GEICO also provides a work environment free from discrimination and harassment, with mutual respect among associates and applicants.
#J-18808-Ljbffr
Responsibilities
Strategic and tactical leadership for penetration testing, red teaming, and collaboration with defensive security teams (purple teaming).
Conduct tactical security penetration tests of applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats; provide feedback to increase automated capabilities with the Application Security team.
Design and execute advanced threat emulation scenarios across physical, social, and digital attack vectors.
Ensure penetration testing activities meet security, business, and compliance objectives.
Guide risk assessment, prioritization, reporting, and remediation of vulnerabilities through automation.
Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops.
Ensure operations align with regulations and standards such as NIST, PCI DSS, and NYDFS.
Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies.
Represent Offensive Security in senior leadership and audit discussions as a subject matter expert.
Provide technical leadership for third-party penetration testing programs by setting a high bar and overseeing vendor testing activities.
Required Qualifications
Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit) and custom scripts (Python, PowerShell).
Advanced understanding of OWASP, MITRE ATT&CK framework, SDLC, threat modeling, red/purple teaming, and attack path development.
Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit.
Relevant professional security certifications (e.g., GIAC or equivalent).
Proven experience delivering results through automation and establishing best practices.
Proven track record of meeting regulatory and compliance obligations.
Ability to coach and mentor offensive security engineers across all functions (penetration testing, red teaming, purple teaming).
Preferred Qualifications
OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certifications.
GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus.
Breadth and depth of knowledge in security of operating systems, networking, databases, and middleware; forensics; scripting and programming.
Advanced knowledge of Linux/Mac/Windows, AWS/Azure cloud environments and cloud-native resources (e.g., containers, Kubernetes, microservices, serverless).
Experience with reverse engineering mobile applications, including anti-emulator and obfuscation protections.
Required Experience
10+ years in an engineering-focused role, preferably in tech.
8+ years of experience in offensive security (penetration testing, red teaming, purple teaming).
5+ years hands-on experience performing penetration testing, red teaming, and purple teaming activities.
4+ years of experience with Azure, AWS, GCP, or other cloud providers.
Senior role influencing company direction on security.
Experience applying security controls to meet third-party attestation requirements (PCI, NYDFS, SOX, etc.).
Education Bachelor’s degree in Cybersecurity, Computer Science or a related field.
Annual Salary $120,000.00 - $260,000.00
The above annual salary range is a general guideline. Multiple factors are considered to determine the final offer, including scope and responsibilities of the role, candidate experience, education, location, and market conditions.
At this time, GEICO will not sponsor a new applicant for employment authorization for this position.
The GEICO Pledge Great Company:
At GEICO, we help our customers through life’s twists and turns. Our mission is to protect people when they need it most, and we’re constantly evolving to stay ahead of their needs.
Great Careers:
We offer opportunities to learn, grow, and thrive through development programs, certification assistance, mentorship, and coaching.
Great Culture:
We foster an inclusive culture rooted in integrity, action, and a winning mindset, with a commitment to caring and belonging.
Great Rewards:
We offer compensation and benefits to enhance well-being, mental health, and financial future.
Comprehensive Total Rewards program with personalized coverage for you and your family.
Competitive compensation; 401K with 6% match; performance-based incentives; tuition assistance.
Access to benefits like mental healthcare, fertility and adoption assistance.
Workplace flexibility, including GEICO Flex program (work from anywhere in the US for up to four weeks per year).
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants, regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, disability, or genetic information, in compliance with applicable laws. GEICO hires and promotes individuals solely on qualifications. GEICO reasonably accommodates qualified individuals with disabilities to enable equal opportunity and performance. This applies to all applicants and associates. GEICO also provides a work environment free from discrimination and harassment, with mutual respect among associates and applicants.
#J-18808-Ljbffr