GEICO is seeking a Senior Staff Engineer, Operations Engineer to drive product security operational excellence. This role involves managing complex security programs, collaborating with cross-functional teams, and ensuring compliance with security standards. The ideal candidate will possess strong project management skills and a solid background in application security, with a focus on driving solutions and fostering collaboration.
GEICO is seeking an experienced Senior Staff Engineer, Operations Engineer with a passion for managing complex programs across multiple departments and teams to build Product Security operational excellence from the ground up. You will help drive our business transformation as we transition from a traditional IT model to a tech organization with engineering excellence as its mission.
The Senior Staff Engineer, Operations is a key member of the Product Security leadership team, working across the organization to ensure the successful delivery of effective security controls and the prioritization of initiatives and issue management. In this role, you will own a portfolio of initiatives such as compliance, engineering, operational excellence, and vendor engagement. This position requires more than technical project management; it demands a background in building teams, delivering solutions, and demonstrating success with KPIs and visible metrics. The ideal candidate will have excellent communication skills and real-world experience engaging the right technical partners and leadership to drive solutions and foster collaboration.
As a Senior Staff Engineer, you will lead efforts to identify, plan, and deliver program security outcomes by independently engaging a broad set of internal and external stakeholders. This also includes the following responsibilities:
Monitor and track signals of security gaps, initiative delays, and compliance risks due to system issues, and drive resolution.
Create visuals on current performance and risk indicators related to product security initiatives and operations.
Develop standards for reporting on product security tool effectiveness, maturity, resilience, and other risk factors.
Drive automation of routine tasks to enhance security protection and detection technologies.
Provide expert guidance and demonstrations, and lead discussions on security best practices with stakeholders and leadership.
Collaborate closely with CSIRT, GRC, Platform Security, Development/Product teams, and Technology partners to ensure protection coverage, detection event notifications, documentation, and standards.
Organize and manage operational best practices documentation for security solutions protecting our business products, including applications, services, code repositories, infrastructure as code (IaC), and deployment pipelines.
Partner with project sponsors, delivery teams, and stakeholders to deliver quality solutions on time and within budget by coordinating activities across multiple systems, departments, and teams.
Create and maintain detailed project schedules, change control processes, and documentation.
Identify and escalate security risks, presenting detailed, actionable solutions and driving campaigns to resolution.
Qualifications:
Understanding of application security tooling and testing such as SAST, DAST, SCA, etc., along with cross-functional awareness of security operations including SOC, Incident Response, Privacy, Legal, Vulnerability Management, and Data Protection.
Familiarity with OWASP projects and their implementation within the product security organization, such as Web Top Ten, API Top Ten, Mobile Top Ten, and ASVS.
Knowledge of data access languages like SQL and GraphQL, with the ability to construct queries against data sources.
Extensive experience in engineering and solution delivery in dynamic service provider environments.
Strong project management skills and experience managing large, complex projects across cross-functional teams.
Working knowledge of security services impacting production systems, including runtime protection, detection and protective agents, vulnerability scanning, etc.
Experience working in multi-cloud environments such as AWS, Azure, and Google Cloud.
Excellent communication skills, capable of influencing development partners and stakeholders at all levels.
Detail-oriented with strong organizational and analytical skills.
Critical thinking, problem-solving, decision-making, and analytical skills.
Effective time management and attention to detail.
Experience with continuous delivery processes.
Self-motivated, able to work independently and coordinate activities across teams.
Leadership qualities with the ability to influence without direct authority.
Ability to thrive in a fast-paced, startup-like environment.
Knowledge of security control frameworks such as NIST, PCI, SOX, NYDFS.
Preferred Qualifications:
Experience in hybrid cloud environments, including containerization, VMs, CI/CD pipelines, IaC.
Experience defining KPIs/SLAs for driving multi-million-dollar businesses and reporting to senior leadership.
Experience:
8+ years in an engineering-focused role, preferably in the tech industry.
4+ years of experience with AWS, GCP, Azure, or other cloud providers.
4+ years in a senior role influencing company direction.
Experience applying engineering to meet or exceed third-party attestation requirements (PCI, SOX, etc.).
Education:
Bachelor’s degree in Computer Science, Cyber Security, or equivalent education with relevant work experience.
Third-party certifications in engineering-related technologies.
Annual Salary: $130,000 - $260,000
The above salary range is a general guideline. Final offers depend on various factors including experience, education, location, and market considerations.
At this time, GEICO will not sponsor employment authorization for this position.