GEICO
Sr. Staff Security Operations Engineer – VM & Offensive Security - REMOTE
GEICO, Seattle, Washington, us, 98127
Sr. Staff Security Operations Engineer – VM & Offensive Security - REMOTE
GEICO is seeking an experienced Sr. Staff Engineer, Operations with a focus on Vulnerability Management & Offensive Security to build operational excellence from the ground up. This role leads a portfolio of security initiatives across multiple departments and acts as a bridge between security, engineering, and business partners to deliver measurable security outcomes. Base pay range $120,000.00/yr - $260,000.00/yr Responsibilities
Monitor and track signals of security gaps, initiative delays, and compliance risks due to system issues; drive resolution. Create visuals on current performance and risk indicators related to Vulnerability Management & Offensive Security initiatives and operations. Develop standards for reporting on vulnerability management tool effectiveness, maturity, resilience, and related risk factors. Drive automation of routine tasks to improve security protection and detection capabilities. Provide expert guidance and lead discussions on security best practices with stakeholders and leadership. Collaborate with CSIRT, GRC, Platform Security, Development/Product teams, and Technology partners to ensure protection coverage, detection event notifications, documentation, and standards. Organize, store and manage operational best practices documentation for security solutions in hybrid (on-prem and multi-cloud) environments. Partner with project sponsors, delivery teams, and stakeholders to deliver quality solutions on time and within budget by coordinating activities across systems, departments, and teams. Create and maintain detailed project schedules, change control processes, and documentation. Identify and raise security risks and present implementable solutions to drive campaigns to resolution. Manage vendor activities and coordinate with Sourcing to develop statements of work and procure services. Qualifications
Understanding of vulnerability management and offensive security tooling and practices, including vulnerability scanning, penetration testing, red/purple teaming, risk assessment, prioritization, and remediation. Familiarity with CVEs, CWEs, CVSS, and OWASP projects (Web Top Ten, API Top Ten, Mobile Top Ten, and OWASP AI). Knowledge of data query languages such as SQL and GraphQL. Experience delivering engineering solutions in a dynamic service provider environment. Strong project management knowledge and a track record of managing large/complex cross-functional initiatives. Working knowledge of security services and their impact on production systems (runtime protection, detectors, vulnerability/app scanning, etc.). Experience in multi-cloud environments (AWS, Azure, and/or Google Cloud). Effective communication and influence with senior and junior stakeholders. Detail- and deadline-oriented with strong organizational and analytical skills. Excellent verbal and written communication skills; ability to document findings and proposals clearly. Self-motivated, able to work independently while coordinating with cross-divisional teams; strong leadership qualities and the ability to influence without direct management authority. Ability to excel in a fast-paced environment and familiarity with industry-standard security control frameworks and compliance standards (NIST, PCI, SOX, NYDFS). Preferred Qualifications
Hybrid cloud environment knowledge including containers, VMs, CI/CD pipelines, and Infrastructure as Code (IaC). Experience defining KPIs/SLAs for multi-million-dollar businesses and reporting to senior leadership. Experience
10+ years in an engineering-focused role, preferably in tech. 4+ years of experience with AWS, GCP, Azure, or other cloud providers. 4+ years in a senior role influencing company direction. Experience aligning engineering efforts with third-party attestation requirements (e.g., PCI, SOX). Education
Bachelor’s degree in Computer Science, Cyber Security, or equivalent education/experience. Third-party certifications in security or engineering technologies. Notes
The GEICO Pledge highlights Great Company, Great Culture, Great Rewards and Great Careers. GEICO is an equal opportunity employer. We provide accommodations for qualified individuals with disabilities to enable equal employment opportunities.
#J-18808-Ljbffr
GEICO is seeking an experienced Sr. Staff Engineer, Operations with a focus on Vulnerability Management & Offensive Security to build operational excellence from the ground up. This role leads a portfolio of security initiatives across multiple departments and acts as a bridge between security, engineering, and business partners to deliver measurable security outcomes. Base pay range $120,000.00/yr - $260,000.00/yr Responsibilities
Monitor and track signals of security gaps, initiative delays, and compliance risks due to system issues; drive resolution. Create visuals on current performance and risk indicators related to Vulnerability Management & Offensive Security initiatives and operations. Develop standards for reporting on vulnerability management tool effectiveness, maturity, resilience, and related risk factors. Drive automation of routine tasks to improve security protection and detection capabilities. Provide expert guidance and lead discussions on security best practices with stakeholders and leadership. Collaborate with CSIRT, GRC, Platform Security, Development/Product teams, and Technology partners to ensure protection coverage, detection event notifications, documentation, and standards. Organize, store and manage operational best practices documentation for security solutions in hybrid (on-prem and multi-cloud) environments. Partner with project sponsors, delivery teams, and stakeholders to deliver quality solutions on time and within budget by coordinating activities across systems, departments, and teams. Create and maintain detailed project schedules, change control processes, and documentation. Identify and raise security risks and present implementable solutions to drive campaigns to resolution. Manage vendor activities and coordinate with Sourcing to develop statements of work and procure services. Qualifications
Understanding of vulnerability management and offensive security tooling and practices, including vulnerability scanning, penetration testing, red/purple teaming, risk assessment, prioritization, and remediation. Familiarity with CVEs, CWEs, CVSS, and OWASP projects (Web Top Ten, API Top Ten, Mobile Top Ten, and OWASP AI). Knowledge of data query languages such as SQL and GraphQL. Experience delivering engineering solutions in a dynamic service provider environment. Strong project management knowledge and a track record of managing large/complex cross-functional initiatives. Working knowledge of security services and their impact on production systems (runtime protection, detectors, vulnerability/app scanning, etc.). Experience in multi-cloud environments (AWS, Azure, and/or Google Cloud). Effective communication and influence with senior and junior stakeholders. Detail- and deadline-oriented with strong organizational and analytical skills. Excellent verbal and written communication skills; ability to document findings and proposals clearly. Self-motivated, able to work independently while coordinating with cross-divisional teams; strong leadership qualities and the ability to influence without direct management authority. Ability to excel in a fast-paced environment and familiarity with industry-standard security control frameworks and compliance standards (NIST, PCI, SOX, NYDFS). Preferred Qualifications
Hybrid cloud environment knowledge including containers, VMs, CI/CD pipelines, and Infrastructure as Code (IaC). Experience defining KPIs/SLAs for multi-million-dollar businesses and reporting to senior leadership. Experience
10+ years in an engineering-focused role, preferably in tech. 4+ years of experience with AWS, GCP, Azure, or other cloud providers. 4+ years in a senior role influencing company direction. Experience aligning engineering efforts with third-party attestation requirements (e.g., PCI, SOX). Education
Bachelor’s degree in Computer Science, Cyber Security, or equivalent education/experience. Third-party certifications in security or engineering technologies. Notes
The GEICO Pledge highlights Great Company, Great Culture, Great Rewards and Great Careers. GEICO is an equal opportunity employer. We provide accommodations for qualified individuals with disabilities to enable equal employment opportunities.
#J-18808-Ljbffr