GEICO
Overview
Senior Manager of Offensive Security at GEICO leads a skilled team in penetration testing and advanced attack simulations to shape our security posture. This role collaborates with senior leadership to influence risk decisions, ensure regulatory readiness, and drive improvements in cyber resilience through automation and innovative approaches. Base pay range: $150,000.00/yr - $300,000.00/yr. GEICO provides a broad benefits program and offers the GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. GEICO will consider sponsoring a new qualified applicant for employment authorization for this position. "This range is provided by GEICO. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more." Responsibilities
Lead, mentor, and grow a high-performing offensive security team focused on penetration testing, simulated real-world cyber-attacks (red teaming), and collaboration with defensive security teams (purple teaming). Conduct tactical security penetration test assessments of company applications (web, mobile, APIs) against OWASP Top 10 threats; partner with the Application Security team to provide feedback and increase automated capabilities. Design and execute advanced threat‑emulation scenarios, including physical, social, and digital attack vectors. Establish a business-outcome-oriented penetration testing roadmap; lead scoping and execution of program improvements and regularly report status to leadership. Ensure penetration testing activities meet security and business objectives by establishing metrics and KPIs and delivering results on time. Oversee communication and automated reporting/tracking of findings; follow up with remediation teams, escalate to senior leadership as needed to deliver timely results. Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops. Ensure operations align with industry regulations and standards such as NIST, PCI DSS, and NYDFS. Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies. Represent Offensive Security in senior leadership and audit discussions as a subject-matter expert. Manage the 3rd party penetration testing program by identifying vendors, overseeing testing activities, and developing statements of work with Sourcing. Required Qualifications
Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit) and custom scripts (e.g., Python, Shell). Advanced understanding of OWASP, MITRE ATT&CK, SDLC, threat modeling, red/purple teaming, and attack path development. Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit. Relevant professional security certifications. Experience building and guiding high-performing offensive security teams, leveraging automation and best practices (scoping, ROE, deconfliction). Proven track record delivering business outcomes while meeting regulatory and compliance obligations. Ability to hire talent with the right mix of offensive security skills and align them to evolving business priorities. Preferred Qualifications
OSCP, OSCE, CRTO, CISSP or relevant Red Team/offensive security certifications; GIAC Penetration Testing or Red Team certifications (GCTI, GPEN, GXPN) are a plus. Broad knowledge of security across operating systems, networking, firewalls, databases, forensics, scripting, and programming. Advanced knowledge of Linux/Mac/Windows, AWS/Azure cloud environments, and cloud-native resources (containers, Kubernetes, microservices, serverless). Experience with reverse engineering mobile applications, including those with anti-emulator and obfuscation protections. Required Experience
10+ years building, leading, and managing security or software engineering teams. 8+ years leading offensive security teams (penetration testing, red team, purple team). 5+ years hands-on experience performing penetration testing, red teaming, and purple teaming. 4+ years of experience with Azure, AWS, GCP or other cloud providers. Senior-level ability to influence company direction on security. Experience applying security controls to meet third-party attestation requirements (PCI, NYDFS, SOX, etc.). Education
Bachelor’s degree in Cybersecurity, Computer Science, or a related field. Salary and Benefits
Annual Salary: $150,000.00 - $300,000.00 Comprehensive Total Rewards program including personalized coverage, 401K with 6% match, and tuition assistance. Flexible work options, including GEICO Flex program for up to four weeks remote work per year. Equal Employment Opportunity
GEICO is an equal opportunity employer. We hire and promote individuals based on qualifications. GEICO reasonably accommodates qualified individuals with disabilities and maintains a workplace free from discrimination and harassment in compliance with applicable law. Location and Job Posting Details
Seattle, WA / Bellevue, WA area; this posting may include multiple roles and locations. Referrals are encouraged and can increase interview chances.
#J-18808-Ljbffr
Senior Manager of Offensive Security at GEICO leads a skilled team in penetration testing and advanced attack simulations to shape our security posture. This role collaborates with senior leadership to influence risk decisions, ensure regulatory readiness, and drive improvements in cyber resilience through automation and innovative approaches. Base pay range: $150,000.00/yr - $300,000.00/yr. GEICO provides a broad benefits program and offers the GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. GEICO will consider sponsoring a new qualified applicant for employment authorization for this position. "This range is provided by GEICO. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more." Responsibilities
Lead, mentor, and grow a high-performing offensive security team focused on penetration testing, simulated real-world cyber-attacks (red teaming), and collaboration with defensive security teams (purple teaming). Conduct tactical security penetration test assessments of company applications (web, mobile, APIs) against OWASP Top 10 threats; partner with the Application Security team to provide feedback and increase automated capabilities. Design and execute advanced threat‑emulation scenarios, including physical, social, and digital attack vectors. Establish a business-outcome-oriented penetration testing roadmap; lead scoping and execution of program improvements and regularly report status to leadership. Ensure penetration testing activities meet security and business objectives by establishing metrics and KPIs and delivering results on time. Oversee communication and automated reporting/tracking of findings; follow up with remediation teams, escalate to senior leadership as needed to deliver timely results. Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops. Ensure operations align with industry regulations and standards such as NIST, PCI DSS, and NYDFS. Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies. Represent Offensive Security in senior leadership and audit discussions as a subject-matter expert. Manage the 3rd party penetration testing program by identifying vendors, overseeing testing activities, and developing statements of work with Sourcing. Required Qualifications
Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit) and custom scripts (e.g., Python, Shell). Advanced understanding of OWASP, MITRE ATT&CK, SDLC, threat modeling, red/purple teaming, and attack path development. Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit. Relevant professional security certifications. Experience building and guiding high-performing offensive security teams, leveraging automation and best practices (scoping, ROE, deconfliction). Proven track record delivering business outcomes while meeting regulatory and compliance obligations. Ability to hire talent with the right mix of offensive security skills and align them to evolving business priorities. Preferred Qualifications
OSCP, OSCE, CRTO, CISSP or relevant Red Team/offensive security certifications; GIAC Penetration Testing or Red Team certifications (GCTI, GPEN, GXPN) are a plus. Broad knowledge of security across operating systems, networking, firewalls, databases, forensics, scripting, and programming. Advanced knowledge of Linux/Mac/Windows, AWS/Azure cloud environments, and cloud-native resources (containers, Kubernetes, microservices, serverless). Experience with reverse engineering mobile applications, including those with anti-emulator and obfuscation protections. Required Experience
10+ years building, leading, and managing security or software engineering teams. 8+ years leading offensive security teams (penetration testing, red team, purple team). 5+ years hands-on experience performing penetration testing, red teaming, and purple teaming. 4+ years of experience with Azure, AWS, GCP or other cloud providers. Senior-level ability to influence company direction on security. Experience applying security controls to meet third-party attestation requirements (PCI, NYDFS, SOX, etc.). Education
Bachelor’s degree in Cybersecurity, Computer Science, or a related field. Salary and Benefits
Annual Salary: $150,000.00 - $300,000.00 Comprehensive Total Rewards program including personalized coverage, 401K with 6% match, and tuition assistance. Flexible work options, including GEICO Flex program for up to four weeks remote work per year. Equal Employment Opportunity
GEICO is an equal opportunity employer. We hire and promote individuals based on qualifications. GEICO reasonably accommodates qualified individuals with disabilities and maintains a workplace free from discrimination and harassment in compliance with applicable law. Location and Job Posting Details
Seattle, WA / Bellevue, WA area; this posting may include multiple roles and locations. Referrals are encouraged and can increase interview chances.
#J-18808-Ljbffr