GEICO
Senior Staff Engineer, Offensive Security (REMOTE)
GEICO, Richardson, Texas, United States, 75080
Senior Staff Engineer, Offensive Security (REMOTE)
4 days ago Be among the first 25 applicants
This range is provided by GEICO. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Overview As a Senior Staff Engineer of Offensive Security, you'll be at the forefront of our cybersecurity strategy for penetration testing, advanced attack simulations, and enabling the organization to prevent, detect, and respond to cyber threats. Your role is pivotal in shaping our security posture, collaborating closely with senior leadership to influence risk decisions and ensure regulatory readiness.
Responsibilities
Strategic and tactical leadership for highly effective penetration testing, simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming).
Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities.
Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors.
Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes.
Guide the team on risk assessment, prioritization, reporting, and remediation of vulnerabilities through automation.
Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops.
Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS.
Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies.
Represent the Offensive Security functions in senior leadership and audit discussions as a subject matter expert.
Offer technical leadership for 3rd party penetration testing programs by setting a high bar and overseeing vendor testing activities.
Required Qualifications
Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell).
Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development.
Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit.
Relevant professional security certifications (e.g. GIAC or others).
Proven experience in achieving results efficiently through automation and establishing best practices.
Proven track record to deliver business outcomes for meeting regulatory and compliance obligations.
Ability to coach and mentor offensive security engineers across all functions (penetration testing, red teaming, purple teaming).
Preferred Qualifications
OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs.
GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus.
Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming.
Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (e.g., Containers, Kubernetes, microservices, serverless functions).
Experience with reverse engineering on mobile applications, including those with anti-emulator and obfuscation protections.
Required Experience
10+ years in engineering-focused roles, preferably in the tech industry.
8+ years of experience in offensive security (penetration testing, red team, and purple team).
5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities.
4+ years of experience with Azure, AWS, GCP or other cloud providers.
Senior role influencing company direction on security.
Experience applying security controls to exceed third party attestation requirements (PCI, NYDFS, SOX, etc.).
Education
Bachelor’s degree in Cybersecurity, Computer Science or a related field.
Annual Salary $120,000.00 - $260,000.00 per year
The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final rate. Factors include the scope and responsibilities of the role, the candidate’s experience, education, and training, location, and market considerations.
At this time, GEICO will not sponsor a new applicant for employment authorization for this position.
The GEICO Pledge Great Company:
At GEICO, we help our customers through life’s twists and turns. Our mission is to protect people when they need it most and we’re constantly evolving to stay ahead of their needs.
Great Careers:
We offer a career where you can learn, grow, and thrive through personalized development programs, career mentorship, and coaching with supportive leaders at all levels.
Great Culture:
We foster an inclusive culture of shared success, rooted in integrity, action, and belonging. Our teams are led by dynamic, supportive leaders focused on performance and impact.
Great Rewards:
We offer compensation and benefits designed to support well-being and financial security, including a comprehensive Total Rewards program, 401K with match, and other benefits.
The GEICO equal employment opportunity policy provides for fair and equal employment opportunity for all associates and applicants, regardless of race, color, religious creed, national origin, age, gender, pregnancy, sexual orientation, gender identity, marital status, disability, or genetic information, in compliance with applicable law. GEICO also provides reasonable accommodations to qualified individuals with disabilities.
Seniority level Mid-Senior level
Employment type Full-time
Job function Finance and Security
Industries Insurance
Note: This listing includes standard job details and reflects the current role at GEICO. Referrals increase your chances of interviewing.
#J-18808-Ljbffr
This range is provided by GEICO. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Overview As a Senior Staff Engineer of Offensive Security, you'll be at the forefront of our cybersecurity strategy for penetration testing, advanced attack simulations, and enabling the organization to prevent, detect, and respond to cyber threats. Your role is pivotal in shaping our security posture, collaborating closely with senior leadership to influence risk decisions and ensure regulatory readiness.
Responsibilities
Strategic and tactical leadership for highly effective penetration testing, simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming).
Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities.
Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors.
Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes.
Guide the team on risk assessment, prioritization, reporting, and remediation of vulnerabilities through automation.
Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops.
Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS.
Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies.
Represent the Offensive Security functions in senior leadership and audit discussions as a subject matter expert.
Offer technical leadership for 3rd party penetration testing programs by setting a high bar and overseeing vendor testing activities.
Required Qualifications
Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell).
Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development.
Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit.
Relevant professional security certifications (e.g. GIAC or others).
Proven experience in achieving results efficiently through automation and establishing best practices.
Proven track record to deliver business outcomes for meeting regulatory and compliance obligations.
Ability to coach and mentor offensive security engineers across all functions (penetration testing, red teaming, purple teaming).
Preferred Qualifications
OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs.
GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus.
Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming.
Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (e.g., Containers, Kubernetes, microservices, serverless functions).
Experience with reverse engineering on mobile applications, including those with anti-emulator and obfuscation protections.
Required Experience
10+ years in engineering-focused roles, preferably in the tech industry.
8+ years of experience in offensive security (penetration testing, red team, and purple team).
5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities.
4+ years of experience with Azure, AWS, GCP or other cloud providers.
Senior role influencing company direction on security.
Experience applying security controls to exceed third party attestation requirements (PCI, NYDFS, SOX, etc.).
Education
Bachelor’s degree in Cybersecurity, Computer Science or a related field.
Annual Salary $120,000.00 - $260,000.00 per year
The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final rate. Factors include the scope and responsibilities of the role, the candidate’s experience, education, and training, location, and market considerations.
At this time, GEICO will not sponsor a new applicant for employment authorization for this position.
The GEICO Pledge Great Company:
At GEICO, we help our customers through life’s twists and turns. Our mission is to protect people when they need it most and we’re constantly evolving to stay ahead of their needs.
Great Careers:
We offer a career where you can learn, grow, and thrive through personalized development programs, career mentorship, and coaching with supportive leaders at all levels.
Great Culture:
We foster an inclusive culture of shared success, rooted in integrity, action, and belonging. Our teams are led by dynamic, supportive leaders focused on performance and impact.
Great Rewards:
We offer compensation and benefits designed to support well-being and financial security, including a comprehensive Total Rewards program, 401K with match, and other benefits.
The GEICO equal employment opportunity policy provides for fair and equal employment opportunity for all associates and applicants, regardless of race, color, religious creed, national origin, age, gender, pregnancy, sexual orientation, gender identity, marital status, disability, or genetic information, in compliance with applicable law. GEICO also provides reasonable accommodations to qualified individuals with disabilities.
Seniority level Mid-Senior level
Employment type Full-time
Job function Finance and Security
Industries Insurance
Note: This listing includes standard job details and reflects the current role at GEICO. Referrals increase your chances of interviewing.
#J-18808-Ljbffr