GEICO
GEICO is seeking an experienced Staff Engineer to provide enterprise support for product security in hybrid, multi-cloud environments. The role proactively leads and supports Product Security activities that guide the design, development, security of code, and code repositories for cloud, hybrid, and open-source applications.
Position Description
The Product Security Staff Engineer is a senior-level position reporting to the Manager of Secure Product Design. The engineer works closely with development teams, product teams, and others across the organization to integrate security into the product lifecycle. This role defines security requirements and secure application design, conducts application security assessments and threat modeling, and provides remediation guidance to developers. The engineer may be pulled in to evaluate new systems, review proposed designs, or deliver solutions for application security and coding best practices.
Responsibilities
- Work independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications
- Define and document secure architecture patterns and anti-patterns
- Perform security architecture design reviews of products including web applications, services, and mobile applications
- Define security best practices and standards and partner with Product Development teams to implement them
- Provide remediation guidance and recommendations to developers and engineers
- Serve as a technical advisor and consultant on Cybersecurity application security policy and standards
- Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs to protect GEICO assets
- Work with Product Development teams to prioritize and validate urgency of mitigations for identified product vulnerabilities and security feature enhancements
- Interface with Product and Cyber Security teams to track security feature enhancement requests
- Develop actionable insights, prioritizing work based on risk and impact, and allocate resources effectively using GEICO data sets
Qualifications
- Hands-on product development experience with mature SDLC processes
- Experience working with development teams to define, develop, and document secure solutions
- Ability to break down complex systems to identify flaws with analysis and threat modeling
- Strong familiarity with common vulnerabilities and attack vectors
- Knowledge of web service technologies, load balancers, and RESTful APIs
- Knowledge of encryption technologies and authentication protocols (e.g., PGP, SSL, OpenID Connect, OAuth, SAML, RADIUS, LDAP, Kerberos)
- Solid understanding of secure network, system, and service design in cloud environments (Azure, AWS, etc.)
- Understanding and applied use of OWASP Top 10, NIST frameworks, ISO 27001, PCI-DSS, etc.
- Experience with SDLC methodologies (waterfall, agile, DevOps/SecDevOps) and integration of security testing into the lifecycle
- Experience with DAST/SAST tools
- Ability to work with multiple security technologies, platforms, and processing environments
- Advanced knowledge of cloud security trends and practical application to business models
- Experience collaborating with senior executives on strategic initiatives
- Experience providing security training to developers
- Ability to identify security defects in languages such as Go, Rust, Java, Python, Objective-C, and mobile languages
- One or more of the following certifications is highly desired: Security+, CISSP, or CISM
Experience
- 6+ years planning and designing application, cloud, or platform security
- 5+ years in at least two security solution design disciplines
- 4+ years in application and open-source security
- 3+ years of experience with AWS, GCP, Azure, or another cloud service
- 2+ years of experience with open-source frameworks
Education
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent education/experience
Annual Salary
$115,000.00 - $230,000.00
The above range is a general guideline. Final pay is based on factors including role scope, candidate experience, location, and market conditions.
GEICO may sponsor employment authorization for qualified applicants.
The GEICO Pledge
Great Company:
GEICO supports customers through life’s twists and turns and seeks to stay ahead by evolving with their needs.
Great Careers:
GEICO offers opportunities for learning, growth, and development with programs, mentorship, and coaching.
Great Culture:
An inclusive culture rooted in integrity, action, and performance, with emphasis on caring and belonging.
Great Rewards:
Compensation and benefits designed to support physical, mental, and financial well-being, including a Total Rewards program, 401(k) with match, and tuition assistance.
GEICO is an equal opportunity employer and provides reasonable accommodations to qualified individuals with disabilities. We hire and promote based on qualifications and do not tolerate harassment or discrimination.
Location
Baltimore, MD