Staff Offensive Security Engineer (HYBRID) jobs in United States

GEICO · 1 day ago

Staff Offensive Security Engineer (HYBRID)

GEICO is a leading insurance company that values innovation and customer service. They are seeking a Staff Offensive Security Engineer to lead penetration testing initiatives, collaborate with teams on cybersecurity strategies, and enhance the organization's security posture against cyber threats.

Auto Insurance, Financial Services, Government, Insurance, Internet, Mobile
H1B Sponsored

Responsibilities

Lead highly effective large-scale penetration testing initiatives
Participate in simulating real-world cyber-attacks (red teaming) and collaborate with defensive security teams (purple teaming)
Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities
Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes
Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors
Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops
Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS
Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies

Qualification

Penetration Testing, Red Teaming, Purple Teaming, Vulnerability Discovery, OWASP, MITRE ATT&CK, Cloud Security, Automation, Security Certifications, Coaching, Collaboration, Mentorship

Required

Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell)
Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development
Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit
Relevant professional security certifications (e.g. from GIAC or others)
Proven experience in achieving results efficiently through automation and establishing best practices
Proven track record of delivering business outcomes for meeting regulatory and compliance obligations
Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming)
8+ years in an engineering-focused role, preferably in the tech industry
5+ years of experience in offensive security (penetration testing, red team, and purple team)
5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities
4+ years of experience with Azure, AWS, GCP or other cloud providers
Senior role influencing team's direction on security
Experience applying security controls to exceed third party attestation requirements (PCI, NYDFS, SOX …)
Bachelor's degree in Cybersecurity, Computer Science or a related field

Preferred

OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs
GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus
Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming
Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (e.g., containers, Kubernetes, microservices, serverless functions)
Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections

Benefits

Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
Supports flexibility: we provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

Company

GEICO, Government Employees Insurance Company, has been providing affordable auto insurance since 1936. It is a sub-organization of Berkshire Hathaway.

H1B Sponsorship

GEICO has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (128)
2024 (277)
2023 (338)
2022 (212)
2021 (148)
2020 (205)

Funding

Current Stage
Late Stage
Total Funding
unknown
1996-01-01: Acquired

Leadership Team

Todd Combs
Chairman, President, and Chief Executive Officer
Clayton Johnson
Sr. Director of Product Management
Company data provided by crunchbase