Staff Engineer - Product Security (HYBRID) jobs in United States

GEICO · 2 months ago

Staff Engineer - Product Security (HYBRID)

GEICO is a leading insurance company that values innovation and quality service. They are seeking a Staff Engineer to support product security in hybrid, multi-cloud environments, focusing on integrating security into the product lifecycle and providing guidance on secure application design and development.

Auto Insurance, Financial Services, Government, Insurance, Internet, Mobile
H1B Sponsored

Responsibilities

Work independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications
Define and document secure architecture patterns and anti-patterns
Perform security architecture design reviews of our products including web applications, services, and mobile applications
Define security best practices and standards and partner with Product Development teams to implement them
Provide remediation guidance and recommendations to developers and engineers
Serve as a technical advisor and consultant to colleagues and/or GEICO leadership on the implementation of the Cybersecurity application security policy and standards
Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design, and ensuring integrity of GEICO mission objectives, while protecting GEICO assets from cyber threats and vulnerabilities
Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests
Interface with the Product and Cyber Security teams to track security feature enhancement requests
Help develop actionable insights, prioritize the work based on risk and impact, and allocate resources effectively, using GEICO-specific large data sets

Qualification

Product Security, Application Security Assessments, Threat Modeling, Secure Application Design, Cloud Security, Cybersecurity Certifications, Secure SDLC, Vulnerability Management, Web Service Technologies, Agile Principles, Collaboration Skills, Communication Skills, Problem-Solving Skills

Required

Hands-on product development experience, with strict SLA and SLR, using a mature S-SDLC
Direct experience working with development teams to define, develop and document secure solutions
Experience breaking down complex systems and applications to find flaws with analysis and threat modeling
Strong familiarity with common vulnerabilities and attack vectors
Knowledge of web service technologies, load balancer services (e.g., Nginx, Cloudflare, F5, etc.) and RESTful APIs
Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAuth, SAML, RADIUS, LDAP, Kerberos, etc.)
Solid understanding of secure network, system, and service design in cloud (Azure, AWS, etc.) and conventional environments
Understanding and applied use of OWASP Top 10, NIST SP 800 series, NIST CSF, FIPS 140-2, ISO 27001, PCI-DSS, etc.
Knowledge of various aspects of a technology architecture like integration, network, and security
Advanced understanding and knowledge of application development life cycle methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps/SecDevOps)
Exposure to multiple, diverse security technologies, platforms, and processing environments
Strong command of strategic and emerging security/cloud technology trends, and the practical application of existing and emerging technologies to new and evolving business and operating models
Good understanding of product management, agile principles and development methodologies and capability of supporting agile teams by providing advice and guidance on opportunities, impact, and risks, taking account of technical and architectural debt
Experience collaborating closely with senior executives on strategic initiatives
A background integrating security testing into the SDLC
Experience providing security training to developers
Ability to find security defects within programming languages such as Go, Rust, Java, Python, Objective-C, and mobile device languages
Demonstrated experience using DAST and SAST tools and services
6+ years planning and designing application security, cloud security, systems security, or platform security
5+ years of experience in at least two security solution design and development disciplines, including technical or security infrastructure architecture, cloud security, network security management, secure application development or secure cloud development
4+ years of experience in application and open-source security
3+ years of experience with AWS, GCP, Azure, or another cloud service
2+ years of experience in open-source frameworks
Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or equivalent education or work experience

Preferred

One or more of the following Cybersecurity certifications are highly desired: Security+, Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

Benefits

Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
Supports flexibility: we provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

Company

GEICO, Government Employees Insurance Company, has been providing affordable auto insurance since 1936. It is a sub-organization of Berkshire Hathaway.

H1B Sponsorship

GEICO has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (128)
2024 (277)
2023 (338)
2022 (212)
2021 (148)
2020 (205)

Funding

Current Stage: Late Stage
Total Funding: unknown
1996-01-01: Acquired

Leadership Team

Todd Combs
Chairman, President, and Chief Executive Officer
Clayton Johnson
Sr. Director of Product Management

Company data provided by crunchbase