GEICO is seeking an experienced Staff Engineer to provide enterprise support for product security in their hybrid, multi-cloud environments. The role aims to proactively and holistically lead and support Product Security activities that guide the design, development, security of code, and code repositories for cloud, hybrid, and open-source applications.
Requirements
- Hands-on product development experience, with strict SLA and SLR, using a mature S-SDLC.
- Direct experience working with development teams to define, develop and document secure solutions
- Experience breaking down complex systems and applications to find flaws with analysis and threat modeling
- Strong familiarity with common vulnerabilities and attack vectors
- Knowledge of web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs
- Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)
- Solid understanding of secure network, system, and service design in cloud (Azure, AWS etc.) and conventional environments
Responsibilities
- Work independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications
- Define and document secure architecture patterns and anti-patterns
- Perform security architecture design reviews of our products including web applications, services, and mobile applications.
- Define security best practices and standards and partner with Product Development teams to implement them.
- Provide remediation guidance and recommendations to developers and engineers.
- Serve as a technical advisor and consultant to colleagues and/or GEICO leadership on the implementation of the Cybersecurity application security policy and standards.
- Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design, and ensuring integrity of GEICO mission objectives, while protecting GEICO assets from cyber threats and vulnerabilities.
Other
- The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers.
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent education or work experience
- Experience collaborating closely with senior executives on strategic initiatives
- Ability to find security defects within programming languages such as Go, Rust, Java, Python, Object C, and mobile device languages
- One or more of the following Cybersecurity certifications are highly desired: Security+, Certified Information System Security Professional (CISSP) or Certified Information Security Manager (CISM)
