GEICO

Sr. Staff Security Operations Engineer VM & Offensive Security - REMOTE

GEICO, San Francisco, California, United States, 94199

Overview

GEICO is seeking an experienced Sr. Staff Engineer, Operations within Vulnerability Management & Offensive Security to drive operational excellence across multiple departments and teams. The role involves managing complex programs, delivering security controls, and prioritizing initiatives and issue management. The ideal candidate will have a strong background in Vulnerability Management and Offensive Security, with experience delivering solutions and measuring success through KPIs and visible metrics. This position reports to the Vulnerability Management & Offensive Security leadership team and requires collaboration with CSIRT, GRC, Platform Security, Development/Product teams and technology partners.

Responsibilities

Monitor and track signals of security gaps, initiative delays, and compliance risks due to system issues, and drive resolution.
Create visuals on current performance and risk indicators related to Vulnerability Management & Offensive Security initiatives and operations.
Help develop standards for reporting on vulnerability management & offensive security tool effectiveness, maturity, resilience, and related risk factors.
Help drive automation of routine tasks to advance security protection and detection technologies.
Provide expert guidance and lead discussions on security best practices with stakeholders and leadership.
Collaborate with CSIRT, GRC, Platform Security, Development/Product teams, and technology partners to ensure protection coverages, proper detection event notifications, and standardized documentation.
Organize, store, and manage operational best practices documentation for security solutions in hybrid environments (on-prem and multi-cloud).
Partner with project sponsors and delivery teams to deliver quality solutions on time and within budget by coordinating activities across multiple systems, departments, and teams.
Create, maintain, and manage detailed project schedules, change control processes, and documentation.
Identify and raise security risks with detailed, actionable solutions and drive campaigns to resolution.
Drive vendor management by identifying vendors, coordinating activities, and working with Sourcing to develop statements of work and procure services.

Qualifications

Demonstrated understanding of vulnerability management and offensive security tooling and practices including vulnerability scanning of infrastructure, penetration testing, red/purple teaming, risk assessment, prioritization, and remediation of vulnerabilities.
Familiar with CVEs, CWEs, CVSS, and OWASP projects such as Web Top Ten, API Top Ten, Mobile Top Ten, and OWASP AI.
Knowledge of data access languages such as SQL and GraphQL and the ability to construct queries against data sources.
Extensive experience in engineering and solution delivery in a dynamic service provider environment.
Strong knowledge of project management methodologies and best practices.
Proven track record of successfully managing large/complex projects across cross-functional teams, building processes, and coordinating delivery.
Working knowledge of security services and their impact on production systems, including runtime protection, detective and protective agents, vulnerability and application scanning, etc.
Experience in a multi-cloud environment including AWS, Azure, and/or Google Cloud.
Experience communicating and presenting to senior and junior staff with the ability to influence development partners and stakeholders.
Detail- and deadline-oriented with strong organizational and analytical skills.
Strong critical thinking, problem solving, decision making, and analytical skills.
Excellent verbal/written communication skills with the ability to clearly document findings, proposals, issues, and status.
Self-motivated and able to work independently while coordinating activities with cross-divisional teams.
Effective leadership qualities and the ability to influence without direct management authority.
Ability to excel in a fast-paced, startup-like environment.
Knowledge of industry-standard security control frameworks and compliance standards including NIST, PCI, SOX, NYDFS.

Preferred Qualifications

Knowledge in a hybrid cloud environment including containerization, VMs, CI/CD pipelines, and Infrastructure as Code (IaC).
Experience defining KPIs/SLAs used to drive multi-million-dollar businesses and reporting to senior leadership.

Experience

10+ years in an engineering-focused role, preferably in the tech industry.
4+ years of experience with AWS, GCP, Azure, or other cloud providers.
4+ years in a senior role influencing company direction.
Experience applying engineering to meet or exceed third-party attestation requirements (PCI, SOX, etc.).

Education

Bachelor's degree in Computer Science, Cyber Security, or equivalent education with work experience.
Third-party certifications on security or engineering-related technologies.

Compensation

Base pay range: $120,000.00/yr - $260,000.00/yr

The above annual salary range is a general guideline. Multiple factors are considered to determine the final offer, including scope, experience, education, location, and market considerations.

Employer Information

At this time, GEICO will not sponsor a new applicant for employment authorization for this position.

The GEICO Pledge

Great Company: At GEICO, we help customers through life's twists and turns. Our mission is to protect people when they need it most and we're evolving to stay ahead of needs.

Great Careers: We offer a career with learning, growth, and development programs, mentorship, and coaching.

Great Culture: We foster an inclusive culture of shared success, integrity, and performance excellence, with a focus on belonging and collaboration.

Great Rewards: Compensation and benefits designed to support your well-being and financial future. Comprehensive Total Rewards program with personalized coverage. Financial benefits including competitive pay, 401K with 6% match, incentives, and tuition assistance. Benefits including mental healthcare and fertility/adoption assistance. Flexible work options and GEICO Flex program (work from anywhere in the US for up to four weeks per year).

Equal employment opportunity statement: GEICO provides a fair and equal opportunity for all associates and applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, disability, or genetic information, in accordance with law. GEICO hires and promotes based on qualifications for the job. GEICO reasonably accommodates qualified individuals with disabilities unless accommodation would impose an undue hardship. We are committed to a harassment-free workplace and mutual respect for all associates and applicants.