GEICO
Overview
Senior Staff Engineer, Offensive Security (REMOTE) role at GEICO. This range is provided by GEICO. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more. Annual Salary
$120,000.00/yr - $260,000.00/yr Responsibilities
Strategic and tactical leadership for highly effective penetration testing, simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming). Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities. Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors. Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes. Guide the team on risk assessment, prioritization, reporting, and remediation of vulnerabilities through automation. Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops. Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS. Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies. Represent the Offensive Security functions in senior leadership and audit discussions as a subject matter expert. Offer technical leadership for 3rd party penetration testing programs by setting a high bar and overseeing vendor testing activities. Required Qualifications
Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell). Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development. Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit. Relevant professional security certifications (e.g. GIAC or others). Proven experience in achieving results efficiently through automation and establishing best practices. Proven track record to deliver business outcomes for meeting regulatory and compliance obligations. Ability to coach and mentor offensive security engineers across all functions (penetration testing, red teaming, purple teaming). Preferred Qualifications
OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs. GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus. Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming. Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (e.g., Containers, Kubernetes, microservices, serverless functions). Experience with reverse engineering on mobile applications, including anti-emulator and obfuscation protections. Education
Bachelor’s degree in Cybersecurity, Computer Science or a related field Experience
10+ years in engineering-focused roles 8+ years of experience in offensive security (penetration testing, red team, and purple team) 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities 4+ years of experience with Azure, AWS, GCP or other cloud providers Senior role influencing company direction on security Experience applying security controls to meet regulatory and compliance obligations Seniority level
Mid-Senior level Employment type
Full-time Job function
Finance and Sales Industries
Insurance GEICO is an equal opportunity employer. We provide reasonable accommodations to qualified individuals with disabilities to enable them to perform essential job functions.
#J-18808-Ljbffr
Senior Staff Engineer, Offensive Security (REMOTE) role at GEICO. This range is provided by GEICO. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more. Annual Salary
$120,000.00/yr - $260,000.00/yr Responsibilities
Strategic and tactical leadership for highly effective penetration testing, simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming). Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities. Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors. Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes. Guide the team on risk assessment, prioritization, reporting, and remediation of vulnerabilities through automation. Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops. Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS. Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies. Represent the Offensive Security functions in senior leadership and audit discussions as a subject matter expert. Offer technical leadership for 3rd party penetration testing programs by setting a high bar and overseeing vendor testing activities. Required Qualifications
Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell). Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development. Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit. Relevant professional security certifications (e.g. GIAC or others). Proven experience in achieving results efficiently through automation and establishing best practices. Proven track record to deliver business outcomes for meeting regulatory and compliance obligations. Ability to coach and mentor offensive security engineers across all functions (penetration testing, red teaming, purple teaming). Preferred Qualifications
OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs. GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus. Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming. Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (e.g., Containers, Kubernetes, microservices, serverless functions). Experience with reverse engineering on mobile applications, including anti-emulator and obfuscation protections. Education
Bachelor’s degree in Cybersecurity, Computer Science or a related field Experience
10+ years in engineering-focused roles 8+ years of experience in offensive security (penetration testing, red team, and purple team) 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities 4+ years of experience with Azure, AWS, GCP or other cloud providers Senior role influencing company direction on security Experience applying security controls to meet regulatory and compliance obligations Seniority level
Mid-Senior level Employment type
Full-time Job function
Finance and Sales Industries
Insurance GEICO is an equal opportunity employer. We provide reasonable accommodations to qualified individuals with disabilities to enable them to perform essential job functions.
#J-18808-Ljbffr