GEICO
Sr. Staff Security Operations Engineer – VM & Offensive Security - REMOTE
GEICO, Dallas, Texas, United States, 75215
Overview
GEICO is seeking an experienced Sr. Staff Engineer, Operations Engineer with a passion for managing complex programs across multiple departments and teams to build Vulnerability Management & Offensive Security operational excellence from the ground up. You will help drive our business transformation as we transition from a traditional IT model to a tech organization with engineering excellence as its mission. Responsibilities
Monitor and track signals of security gaps, initiative delays, and compliance risks due to system issues, and drive resolution. Create visuals on current performance and risk indicators related to Vulnerability Management & Offensive Security initiatives and operations. Develop standards for reporting Vulnerability Management & Offensive Security tool effectiveness, maturity, resilience, and related risk factors. Drive automation of routine tasks to advance security protection and detection technologies. Provide expert guidance, demonstrations, and lead discussions on security best practices with stakeholders and leadership. Collaborate with CSIRT, GRC, Platform Security, Development/Product, and Technology partner teams to ensure protection coverage, detection notifications, and consistent standards. Organize, store, and manage operational best practices documentation for security solutions in a hybrid environment (on-prem and multi-cloud). Partner with project sponsors, delivery teams, and stakeholders to deliver quality solutions on time and within budget by coordinating activities across multiple systems, departments, and teams. Create and maintain detailed project schedules, change control processes, and documentation. Identify security risks and present detailed, implementable solutions to drive campaigns to resolution. Drive vendor management by identifying vendors and coordinating activities with Sourcing to develop statements of work and procure services. Qualifications
Demonstrated understanding of vulnerability management and offensive security tooling and practices including infrastructure vulnerability scanning, penetration testing, red/purple teaming, risk assessment, prioritization, and remediation of vulnerabilities. Familiar with CVEs, CWEs, CVSS, and OWASP projects (Web Top Ten, API Top Ten, Mobile Top Ten, OWASP AI). Knowledge of data query languages such as SQL and GraphQL. Extensive experience in engineering and solution delivery in a dynamic service provider environment. Strong knowledge of project management methodologies and best practices. Proven track record of managing large/complex projects across cross-functional teams, building processes, and coordinating delivery. Working knowledge of security services and their impact on production systems (runtime protection, detective/protective agents, scanning, etc.). Experience in multi-cloud environments (AWS, Azure, and/or Google Cloud). Ability to communicate and influence both senior and junior stakeholders; strong verbal and written communication skills. Detail- and deadline-oriented with strong analytical and organizational skills. Self-motivated and able to work independently while coordinating with cross-divisional teams; ability to influence without direct management authority. Ability to excel in a fast-paced, startup-like environment. Knowledge of industry-standard security control frameworks and compliance standards (NIST, PCI, SOX, NYDFS). Preferred Qualifications
Knowledge in hybrid cloud environments including containerization, VMs, CI/CD pipelines, and Infrastructure as Code (IaC). Experience defining KPIs/SLAs for multi-million-dollar business initiatives and reporting to senior leadership. Experience
10+ years in engineering-focused roles, preferably in the tech industry. 4+ years of experience with AWS, GCP, Azure, or other cloud providers. 4+ years in a senior role influencing company direction. Education
Bachelor’s degree in Computer Science, Cyber Security, or equivalent work experience. Third-party certifications in security or engineering-related technologies. Annual Salary
$120,000.00 - $260,000.00 The above annual salary range is a general guideline. Final compensation will consider scope, responsibilities, experience, education, location, and market factors. GEICO does not sponsor employment authorization for this position at this time. GEICO Pledge and Benefits
The GEICO Pledge highlights Great Company, Great Culture, Great Rewards and Great Careers, with comprehensive benefits and Total Rewards including health coverage, retirement plans, tuition assistance, and flexible work options such as GEICO Flex. Equal Employment Opportunity
GEICO is an equal opportunity employer. We hire and promote based on qualifications for the job. We provide reasonable accommodations to qualified individuals with disabilities to enable equal opportunity and performance. We prohibit harassment and discrimination and support a respectful, inclusive workplace.
#J-18808-Ljbffr
GEICO is seeking an experienced Sr. Staff Engineer, Operations Engineer with a passion for managing complex programs across multiple departments and teams to build Vulnerability Management & Offensive Security operational excellence from the ground up. You will help drive our business transformation as we transition from a traditional IT model to a tech organization with engineering excellence as its mission. Responsibilities
Monitor and track signals of security gaps, initiative delays, and compliance risks due to system issues, and drive resolution. Create visuals on current performance and risk indicators related to Vulnerability Management & Offensive Security initiatives and operations. Develop standards for reporting Vulnerability Management & Offensive Security tool effectiveness, maturity, resilience, and related risk factors. Drive automation of routine tasks to advance security protection and detection technologies. Provide expert guidance, demonstrations, and lead discussions on security best practices with stakeholders and leadership. Collaborate with CSIRT, GRC, Platform Security, Development/Product, and Technology partner teams to ensure protection coverage, detection notifications, and consistent standards. Organize, store, and manage operational best practices documentation for security solutions in a hybrid environment (on-prem and multi-cloud). Partner with project sponsors, delivery teams, and stakeholders to deliver quality solutions on time and within budget by coordinating activities across multiple systems, departments, and teams. Create and maintain detailed project schedules, change control processes, and documentation. Identify security risks and present detailed, implementable solutions to drive campaigns to resolution. Drive vendor management by identifying vendors and coordinating activities with Sourcing to develop statements of work and procure services. Qualifications
Demonstrated understanding of vulnerability management and offensive security tooling and practices including infrastructure vulnerability scanning, penetration testing, red/purple teaming, risk assessment, prioritization, and remediation of vulnerabilities. Familiar with CVEs, CWEs, CVSS, and OWASP projects (Web Top Ten, API Top Ten, Mobile Top Ten, OWASP AI). Knowledge of data query languages such as SQL and GraphQL. Extensive experience in engineering and solution delivery in a dynamic service provider environment. Strong knowledge of project management methodologies and best practices. Proven track record of managing large/complex projects across cross-functional teams, building processes, and coordinating delivery. Working knowledge of security services and their impact on production systems (runtime protection, detective/protective agents, scanning, etc.). Experience in multi-cloud environments (AWS, Azure, and/or Google Cloud). Ability to communicate and influence both senior and junior stakeholders; strong verbal and written communication skills. Detail- and deadline-oriented with strong analytical and organizational skills. Self-motivated and able to work independently while coordinating with cross-divisional teams; ability to influence without direct management authority. Ability to excel in a fast-paced, startup-like environment. Knowledge of industry-standard security control frameworks and compliance standards (NIST, PCI, SOX, NYDFS). Preferred Qualifications
Knowledge in hybrid cloud environments including containerization, VMs, CI/CD pipelines, and Infrastructure as Code (IaC). Experience defining KPIs/SLAs for multi-million-dollar business initiatives and reporting to senior leadership. Experience
10+ years in engineering-focused roles, preferably in the tech industry. 4+ years of experience with AWS, GCP, Azure, or other cloud providers. 4+ years in a senior role influencing company direction. Education
Bachelor’s degree in Computer Science, Cyber Security, or equivalent work experience. Third-party certifications in security or engineering-related technologies. Annual Salary
$120,000.00 - $260,000.00 The above annual salary range is a general guideline. Final compensation will consider scope, responsibilities, experience, education, location, and market factors. GEICO does not sponsor employment authorization for this position at this time. GEICO Pledge and Benefits
The GEICO Pledge highlights Great Company, Great Culture, Great Rewards and Great Careers, with comprehensive benefits and Total Rewards including health coverage, retirement plans, tuition assistance, and flexible work options such as GEICO Flex. Equal Employment Opportunity
GEICO is an equal opportunity employer. We hire and promote based on qualifications for the job. We provide reasonable accommodations to qualified individuals with disabilities to enable equal opportunity and performance. We prohibit harassment and discrimination and support a respectful, inclusive workplace.
#J-18808-Ljbffr