Geico
Staff Engineer - Application Security
Geico, Chevy Chase, Maryland, United States, 20815
Staff Engineer - Application SecurityGEICO
is seeking an experienced Staff Engineer to provide enterprise support for application security in our hybrid, multi-cloud environments. You will proactively and holistically lead and support Application Security activities that guide the design, development, security of code, and code repositories for cloud-hosted and open-source applications. Solutions include CICD integrations, SAST, DAST, IAC, SCA, secure cloud platform engineering, automated threat modeling.
Position Description:
Our
Application Security Staff Engineer
is a senior level position that reports to the Sr Manager of Application Security and works closely with development teams, product teams, and other teams across the organization to integrate security into the product lifecycle. The Application Security Staff Engineer is a subject matter expert in defining security requirements, defining secure application design, performing application security assessments, threat modeling, and providing developers with remediation guidance and solutions.
Position Responsibilities:
Work independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications.
Define and document secure architecture patterns and anti-patterns.
Perform security architecture design reviews of our products including web applications, services, and mobile applications.
Define security best practices and standards and partner with Product Development teams to implement them.
Provide remediation guidance and recommendations to developers and engineers.
Serve as a technical advisor and consultant to colleagues and/or GEICO leadership on the implementation of the Cybersecurity application security policy and standards.
Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design.
Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
Interface with the Product and Vulnerability Management teams to track security feature enhancement requests.
Qualifications:
Direct experience working with development teams to define, develop and document secure solutions.
Experience breaking down complex systems and applications to find flaws with analysis and threat modeling.
Strong familiarity with common vulnerabilities and attack vectors.
Knowledge of web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs.
Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).
Solid understanding of secure network, system, and service design in cloud (Azure, AWS etc.) and conventional environments.
Understanding and applied use of OWASP Top 10, NIST SP800 Series, NIST CSF, FIPS 140-2, ISO 27001, PCI-DSS, etc.
Knowledge of various aspects of a technology architecture like integration, network, and security.
Advanced understanding and knowledge of application development life cycle methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps/ SecDevOps).
Exposure to multiple, diverse security technologies, platforms, and processing environments.
Strong command of strategic and emerging security/ cloud technology trends.
Good understanding of product management, agile principles and development methodologies.
Experience collaborating closely with senior executives on strategic initiatives.
A background integrating security testing into the SDLC.
Experience providing security training to developers.
Ability to find security defects within programming languages such as Java, Python, Object C.
Demonstrated experience using DAST and SAST tools and services.
One or more of the following Cybersecurity certifications are highly desired:
Security+
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
Experience:
6+ years planning and designing application security, cloud security, systems security, or platform security.
5+ years of experience in at least two security solution design and development disciplines.
4+ years of experience in application and open-source security.
3+ years of experience with AWS, GCP, Azure, or another cloud service.
2+ years of experience in open-source frameworks.
Education:
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent education or work experience.
Annual Salary
$90,000.00 - $230,000.00
The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate.
Benefits:
As an Associate, you’ll enjoy our Total Rewards Program to help secure your financial future and preserve your health and well-being, including:
Premier Medical, Dental and Vision Insurance with no waiting period.
Paid Vacation, Sick and Parental Leave.
401(k) Plan.
Tuition Reimbursement.
Paid Training and Licensures.
*Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants.
About UsFor more than 75 years, GEICO has stood out from the rest of the insurance industry! We are one of the nation's largest and fastest-growing auto insurers thanks to our low rates, outstanding service and clever marketing.
#J-18808-Ljbffr
is seeking an experienced Staff Engineer to provide enterprise support for application security in our hybrid, multi-cloud environments. You will proactively and holistically lead and support Application Security activities that guide the design, development, security of code, and code repositories for cloud-hosted and open-source applications. Solutions include CICD integrations, SAST, DAST, IAC, SCA, secure cloud platform engineering, automated threat modeling.
Position Description:
Our
Application Security Staff Engineer
is a senior level position that reports to the Sr Manager of Application Security and works closely with development teams, product teams, and other teams across the organization to integrate security into the product lifecycle. The Application Security Staff Engineer is a subject matter expert in defining security requirements, defining secure application design, performing application security assessments, threat modeling, and providing developers with remediation guidance and solutions.
Position Responsibilities:
Work independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications.
Define and document secure architecture patterns and anti-patterns.
Perform security architecture design reviews of our products including web applications, services, and mobile applications.
Define security best practices and standards and partner with Product Development teams to implement them.
Provide remediation guidance and recommendations to developers and engineers.
Serve as a technical advisor and consultant to colleagues and/or GEICO leadership on the implementation of the Cybersecurity application security policy and standards.
Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design.
Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
Interface with the Product and Vulnerability Management teams to track security feature enhancement requests.
Qualifications:
Direct experience working with development teams to define, develop and document secure solutions.
Experience breaking down complex systems and applications to find flaws with analysis and threat modeling.
Strong familiarity with common vulnerabilities and attack vectors.
Knowledge of web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs.
Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).
Solid understanding of secure network, system, and service design in cloud (Azure, AWS etc.) and conventional environments.
Understanding and applied use of OWASP Top 10, NIST SP800 Series, NIST CSF, FIPS 140-2, ISO 27001, PCI-DSS, etc.
Knowledge of various aspects of a technology architecture like integration, network, and security.
Advanced understanding and knowledge of application development life cycle methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps/ SecDevOps).
Exposure to multiple, diverse security technologies, platforms, and processing environments.
Strong command of strategic and emerging security/ cloud technology trends.
Good understanding of product management, agile principles and development methodologies.
Experience collaborating closely with senior executives on strategic initiatives.
A background integrating security testing into the SDLC.
Experience providing security training to developers.
Ability to find security defects within programming languages such as Java, Python, Object C.
Demonstrated experience using DAST and SAST tools and services.
One or more of the following Cybersecurity certifications are highly desired:
Security+
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
Experience:
6+ years planning and designing application security, cloud security, systems security, or platform security.
5+ years of experience in at least two security solution design and development disciplines.
4+ years of experience in application and open-source security.
3+ years of experience with AWS, GCP, Azure, or another cloud service.
2+ years of experience in open-source frameworks.
Education:
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent education or work experience.
Annual Salary
$90,000.00 - $230,000.00
The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate.
Benefits:
As an Associate, you’ll enjoy our Total Rewards Program to help secure your financial future and preserve your health and well-being, including:
Premier Medical, Dental and Vision Insurance with no waiting period.
Paid Vacation, Sick and Parental Leave.
401(k) Plan.
Tuition Reimbursement.
Paid Training and Licensures.
*Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants.
About UsFor more than 75 years, GEICO has stood out from the rest of the insurance industry! We are one of the nation's largest and fastest-growing auto insurers thanks to our low rates, outstanding service and clever marketing.
#J-18808-Ljbffr