Staff Engineer - Product Security

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. 

Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers’ expectations while making a real impact for our company through our shared purpose. 

When you join our company, we want you to feel valued, supported and proud to work here. That’s why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers.

GEICO is seeking an experienced Staff Engineer to provide enterprise support for product security in our hybrid, multi-cloud environments. You will proactively and holistically lead and support Product Security activities that guide the design, development, security of code, and code repositories for cloud, hybrid, and open-source applications.

Position Description:

Our Product Security Staff Engineer is a senior level position that reports to the Manager of Secure Product Design and works closely with development teams, product teams, and others across the organization to integrate security into the product lifecycle. The Product Security Staff Engineer is a subject matter expert in defining security requirements, defining secure application design, performing application security assessments, threat modeling, and providing developers with remediation guidance and solutions. On any given day, the Product Security Staff Engineer can be pulled in to evaluate a new system, review a proposed application design, or provide solutions for application security/coding best practices.

Position Responsibilities

As a Staff Engineer, you will:

• Work independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications

• Define and document secure architecture patterns and anti-patterns

• Perform security architecture design reviews of our products including web applications, services, and mobile applications.

• Define security best practices and standards and partner with Product Development teams to implement them.

• Provide remediation guidance and recommendations to developers and engineers.

• Serve as a technical advisor and consultant to colleagues and/or GEICO leadership on the implementation of the Cybersecurity application security policy and standards.

• Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design, and ensuring integrity of GEICO mission objectives, while protecting GEICO assets from cyber threats and vulnerabilities.

• Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests

• Interface with the Product and Cyber Security teams to track security feature enhancement requests

• Help develop actionable insights, prioritizing the work, based on risk, and impact, and allocate resources effectively, using Geico specific large data sets.

Qualifications: 

• Hands-on product development experience, with strict SLA and SLR, using a mature S-SDLC.

• Direct experience working with development teams to define, develop and document secure solutions

• Experience breaking down complex systems and applications to find flaws with analysis and threat modeling

• Strong familiarity with common vulnerabilities and attack vectors

• Knowledge of web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs

• Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)

• Solid understanding of secure network, system, and service design in cloud (Azure, AWS etc.) and conventional environments

• Understanding and applied use of OWASP Top 10, NIST SP800 Series, NIST CSF, FIPS 140-2, ISO 27001, PCI-DSS, etc.

• Knowledge of various aspects of a technology architecture like integration, network, and security

• Advanced understanding and knowledge of application development life cycle methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps/ SecDevOps)

• Exposure to multiple, diverse security technologies, platforms, and processing environments

• Strong command of strategic and emerging security/ cloud technology trends, and the practical application of existing and emerging technologies to new and evolving business and operating models.

• Good understanding of product management, agile principles and development methodologies and capability of supporting agile teams by providing advice and guidance on opportunities, impact, and risks, taking account of technical and architectural debt

• Experience collaborating closely with senior executives on strategic initiatives

• A background integrating security testing into the SDLC

• Experience providing security training to developers

• Ability to find security defects within programming languages such as Go, Rust, Java, Python, Object C, and mobile device languages

• Demonstrated experience using DAST and SAST tools and services

• One or more of the following Cybersecurity certifications are highly desired: Security+, Certified Information System Security Professional (CISSP) or Certified Information Security Manager (CISM)

Experience:

• 6+ years planning and designing application security, cloud security, systems security, or platform security

• 5+ of experience in at least two security solution design and development disciplines, including technical or security infrastructure architecture, cloud security, network security management, secure application development or secure cloud development.

• 4+ years of experience in application and open-source security 

• 3+ years of experience with AWS, GCP, Azure, or another cloud service 

• 2+ years of experience in open-source frameworks

Education

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent education or work experience

Annual Salary

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

The GEICO Pledge:

Great Company: At GEICO, we help our customers through life’s twists and turns. Our mission is to protect people when they need it most and we’re constantly evolving to stay ahead of their needs.

We’re an iconic brand that thrives on innovation, exceeding our customers’ expectations and enabling our collective success. From day one, you’ll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people’s lives.

Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs, created with your career – and your potential – in mind.  You’ll have access to industry leading training, certification assistance, career mentorship and coaching with supportive leaders at all levels.

Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action and a winning mindset. Grounded by our core values, we have an an established culture of caring, inclusion, and belonging, that values different perspectives. Our teams are led by dynamic, multi-faceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose.

As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers.

Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health and financial future.

• Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
• Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
• Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
• Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.