Cyber GRC Automation Security Engineer (REMOTE)

GEICO is seeking a Security Engineer to optimize our organization's cybersecurity governance program. You will lead building automation in cyber governance by designing and implementing continuous monitoring and reporting of information security controls across the enterprise for all GEICO applications and services.

You will collaborate with developers, engineers, and compliance & security teams across GEICO to establish vital controls for the program. You will partner with application security, platform security, SRE, central security, and compliance groups to craft and implement controls, conduct gap assessments, automate evidence collection, and flag policy non-compliance in real time.

As a Security Engineer, you will:

1. Lead automation efforts by understanding security policies, standards, technologies, and GEICO's multi-cloud and on-premise environment.
2. Create a roadmap and plan for automating security controls for continuous monitoring.
3. Define control language, evidence requirements, frequency, and asset types for automation.
4. Develop a unified security controls framework aligned with standards like NIST CSF 2.0, PCI, NY DFS, SOX, etc., to streamline evidence collection.
5. Partner with control owners, governance, and compliance teams on automation initiatives.
6. Identify products and solutions to scale automation efforts.
7. Collaborate with cloud teams (Azure, GCP, AWS) for successful implementation.
8. Design and code modules for infrastructure, applications, and processes.
9. Address security and business problems through automation, coding, and API integration.
10. Communicate requirements, results, and recommendations effectively.
11. Educate stakeholders on solutions and opportunities.
12. Drive feature innovation based on customer needs.
13. Utilize programming languages like Python, C#, SQL, NoSQL, and cloud tools/services.
14. Share best practices and improve processes within teams.
15. Adhere to GEICO's developer standards and guidelines.

Qualifications:

• Experience with programming in modern languages such as Java, C++, or C# with object-oriented design.
• Contributed to system architecture, design, reliability, and scalability.
• Strong knowledge of CS data structures and algorithms.
• Understanding of operational portals like Azure Portal.
• Familiarity with HTML5, JavaScript/TypeScript, XML, JSON.
• Knowledge of microservices architecture and REST APIs.
• Understanding of Azure networking (security zones, VNETs, Peered Services).
• Experience with Azure PaaS and IaaS services.
• Knowledge of security protocols/products like Active Directory, SAML, OAuth.
• Experience with data center structures and Azure native services.
• Familiarity with developer tooling across the software development lifecycle.
• 5+ years in security compliance frameworks.
• Expertise with standards such as SOX, PCI-DSS, ISO27K, SOC, NIST.
• Strong technical acumen, understanding cloud and distributed systems.
• Excellent collaboration, problem-solving, and communication skills.
• Ability to work independently and build relationships across teams.
• Bachelor's Degree or equivalent experience preferred.

Annual Salary: $75,000 - $185,000

This range is a guideline; final compensation depends on various factors including experience, education, location, and market considerations. GEICO considers sponsoring employment authorization for qualified applicants.

The GEICO Pledge:

Great Company: We help customers through life’s twists and turns, constantly evolving to meet their needs.

Great Careers: We offer growth, development, and mentorship opportunities.

Great Culture: An inclusive environment rooted in integrity, action, and shared success.

Great Rewards: Competitive compensation, benefits, and work flexibility options.

We are committed to equal employment opportunity and creating a discrimination-free workplace, providing accommodations for individuals with disabilities.