Staff Cyber Security Engineer - GRC Automation

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities.

Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers’ expectations while making a real impact for our company through our shared purpose.

When you join our company, we want you to feel valued, supported and proud to work here. That’s why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers.

Staff Security Engineer (Cyber Governance Engineering)

A Staff Security Engineer works with GEICO engineering teams to innovate and build new processes, systems, improve and enhance existing systems and identify new opportunities to apply your knowledge to solve critical problems. You will lead the development of an Automated Continuous compliance platform for GEICO Cybersecurity Governance team, which enables real time evidence collection, identifying non-compliance with policies early and provides the team with remediation guidelines in an automated scalable way to reduce the audit fatigue and improve the developer experience. You will collaborate with developers, engineers, and compliance & security teams across GEICO to institute the programmatic controls vital for the program. You will partner with application security, platform security, SRE, central security and compliance groups at GEICO to craft and roll out controls, processes, automate collection of evidence and create dashboard on the security posture of GEICO.

• Lead the Cyber Governance automation for automated evidence collection and reporting on automated adherence to information security policies
• Design the Automated Governance Solution including creating requirements and partner with key stakeholders to implement the solution
• Maintain, mature and enhance the Automated Governance Solution to attain a high NPS scores.
• Provide technical leadership for Cyber Governance program strategy, automation, integration with Cyber and IT technologies/Services.
• Execute on the Automated Governance Platform with understanding of the information security policies, security standards, security technologies, GEICOs environment (multi-cloud, on-prem) structure and compliance obligations.
• Collaborate with engineering teams to define the overall system architecture, ensuring scalability and performance optimization.
• Collaborate across teams and across the organization to solve our toughest problems
• Solve audit fatigue and improve operational rigor
• Ensure we meet regulatory compliance with evidence in a scalable manner
• Determine complimentary products and solutions to scale and expedite overall automation goals
• Partner with cloud technical teams (Azure, GCP, AWS, etc.) to deliver a successful outcome
• Influence and educate partner teams to bring an engineering first approach to develop sustainable processes to adhere to policies
• Comfortable rolling up your sleeves to design and code for automated, continuous compliance
• Solve specific security and business problems through automation, utilizing code, and integrating cloud-native and tools via API.
• Work closely with various teams to drive feature innovation based upon customer needs.
• Utilize programming languages like Python, C# or other object-oriented languages, SQL, and NoSQL databases, Container Orchestration services including Docker and Kubernetes, and a variety of Azure tools and services
• Follow GEICOs developer standards and guidelines
• Triage product or system issues and debug/track/resolve by analyzing the sources of issues and the impact dependent systems
• Be a role model and mentor, helping to coach and strengthen the technical expertise and know-how of our engineering and product community
• Influence and educate executives
• Consistently share best practices and improve processes within and across teams
• Determine and support resource requirements, evaluate operational processes, measure outcomes to ensure desired results, demonstrate adaptability and sponsor continuous learning

Qualifications

• Programming experience with at least one modern language such as Java, C++, or C# including object-oriented design
• Experience contributing to the architecture and design (architecture, design patterns, reliability, and scaling) of new and current systems
• Understanding of existing Operational Portals such as Azure Portal
• Understanding of HTML-5, JavaScript/TypeScript, XML, and JSON
• Understanding of Azure Network such as security zones, VNETs, and Public Peered Services
• Understanding of Azure PaaS and IaaS services
• Understanding of AWS cloud environment
• Understanding of security protocols and products such as of Active Directory, Windows Authentication, SAML, OAuth

• 5+ years of security compliance framework experience
• Expertise with security standards such as SOX, PCI-DSS, ISO27K, SOC or NIST (some combination of these is ideal)
• Technical acumen required. Understanding of cloud, open-sourced distributed systems are ideal
• Great at both collaboration and independent problem solving
• Superb written communication and technical research skills
• Ability to develop relationships and work effectively with different teams at all levels and across functions relative to technical, policy, and business concerns
• Ability to resolve conflicts and drive issues to resolution
• Work independently with little or no supervision while maintaining a high level of efficiency

Education

• Bachelor's Degree or equivalent experience preferred.

Experience & Security Certifications

• 6+ years of professional software engineering experience
• 3+ years of experience with architecture and design
• 2+ years of experience with AWS, GCP, Azure, or another cloud service
• 2+ years of experience in open-source frameworks
• Professional security certifications (e.g., CISSP, CCSP, CSSLP) is a plus

Annual Salary

$110,000.00 - $230,000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

At this time, GEICO will not sponsor a new applicant for employment authorization for this position.

The GEICO Pledge:

Great Company: At GEICO, we help our customers through life’s twists and turns. Our mission is to protect people when they need it most and we’re constantly evolving to stay ahead of their needs.

We’re an iconic brand that thrives on innovation, exceeding our customers’ expectations and enabling our collective success. From day one, you’ll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people’s lives.

Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs, created with your career – and your potential – in mind. You’ll have access to industry leading training, certification assistance, career mentorship and coaching with supportive leaders at all levels.

Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action and a winning mindset. Grounded by our core values, we have an an established culture of caring, inclusion, and belonging, that values different perspectives. Our teams are led by dynamic, multi-faceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose.

As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers.

Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health and financial future.

• Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
• Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
• Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
• Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.