Staff Engineer – Vulnerability Management Automation (Platform and Tools - VMs) jobs in United States

GEICO · 15 hours ago

Staff Engineer – Vulnerability Management Automation (Platform and Tools - VMs)

GEICO is seeking an experienced Staff Engineer with a passion for building high performance, low maintenance, zero-downtime platforms, and applications. You will lead the strategy and execution of a technical roadmap that will increase the velocity of delivering products and unlock new engineering capabilities.
Industries: Auto Insurance, Financial Services, Government, Insurance, Internet, Mobile
H1B Sponsored

Responsibilities

Define the technical roadmap for vulnerability management and patch automation platforms
Establish standards, patterns, and paved roads for scanning, triage, remediation, and verification
Mentor engineers across Security and Platform teams on software and systems design best practices
Drive design reviews, architecture decisions, and quality gates for reliability and security
Design and implement services for asset/CMDB enrichment, risk scoring, and intelligent targeting (by business criticality, exposure, blast radius)
Build controllers/schedulers for maintenance windows, deployment rings/canaries, pre/post checks, automated backoff/rollback, and progressive delivery
Deliver self‑service CLIs/SDKs and internal UIs to request, schedule, and track remediation with clear SLAs and audit trails
Implement idempotent, policy‑driven workflows for patching and baseline enforcement across Windows and Linux
Integrate with image pipelines (e.g., Packer/golden images) to shift‑left patching and hardening
Integrate scanner data (e.g., Tenable/Nessus, Qualys, Rapid7) and external intel (CVSS v3.x, KEV, EPSS) into unified pipelines with deduplication, suppression/exception workflows, and verification
Build prioritization engines that combine exploitability, exposure, and business context to drive action
Operate and automate patch tooling and package managers (e.g., WSUS/MECM/SCCM, Ansible/Puppet/Chef/Salt, dnf/yum/apt, Winget/MSU) with safety guardrails
Enforce CIS Level 1 hardening via policy and code with drift detection and evidence capture
Integrate with CMDB and ITSM/ticketing (e.g., Remedy, ServiceNow) for change control, approvals, and auditability
Provide APIs/webhooks and event streams for downstream consumers (e.g., SIEM, data lake, dashboards)
Publish reusable modules, reference implementations, and runbooks to scale adoption
Define the technical roadmap for vulnerability management and patch automation capabilities
Evaluate and recommend new tools, data sources, and methodologies (e.g., exploit intel, risk models)
Drive adoption of best practices for scanning, prioritization, and safe remediation across engineering teams
Identify opportunities to reduce operational overhead through standardization, policy, and automation
Stay current with industry trends and emerging technologies in vulnerability and patch engineering
Work closely with Platform/SRE, Security, and application engineering teams to plan and execute safe changes
Collaborate with product managers and stakeholders to understand risk, requirements, and timelines
Communicate complex technical concepts and trade‑offs to both technical and non‑technical audiences
Document architecture decisions, patterns, and best practices; present proposals and updates to leadership
Define and track SLOs for patch compliance, time‑to‑remediate by severity, change success rate, and re‑open rate
Implement observability (metrics/logs/traces), health checks, and alerting across the platform
Ensure resilience through canaries, rate limiting, circuit breakers, retries with backoff, and safe rollbacks
Establish disaster recovery strategies and conduct game days/chaos testing for critical workflows
Maintain compliance with security and regulatory requirements; ensure usability, reliability, security, and performance
Troubleshoot and resolve complex issues; fulfill on‑call responsibilities appropriate to the platform

Qualification

Skills: Vulnerability Management, Automation, Kubernetes, Configuration Management, Python, Linux Administration, Windows Server Administration, Cloud Services, Event-Driven Pipelines, Stakeholder Management, Communication Skills, Documentation Skills

Required

Strong software engineering background building production services and tooling (Python or Go preferred; TypeScript a plus)
Deep knowledge of Linux and Windows Server administration and patching in enterprise environments
Hands‑on experience with vulnerability scanners and their APIs (Tenable/Nessus, Qualys, Rapid7) and risk models (CVSS, KEV, EPSS)
Proficiency with configuration management and IaC (Ansible/Puppet/Chef/Salt; Terraform/Pulumi/Crossplane, Helm/Kustomize)
Experience with event‑driven and batch data pipelines (e.g., Kafka/SNS/SQS/PubSub), relational data stores, and caching
Familiarity with cloud (AWS/Azure/GCP), containers/Kubernetes, and image pipelines (e.g., Packer)
Solid understanding of authN/authZ, secrets management, and least‑privilege access for platforms and automation
Excellence in observability and reliability practices (OpenTelemetry/Prometheus/Grafana) with an SLO mindset
Strong documentation, communication, and stakeholder management skills
8+ years of professional software or platform engineering experience, including building and operating automation at scale
6+ years administering or engineering for Windows and/or Linux in enterprise environments
4+ years integrating vulnerability scanners and/or building remediation workflows and platforms
3+ years implementing configuration management or hardening frameworks (CIS, STIG) via policy/code
Demonstrated leadership driving cross‑team adoption and measurable risk reduction
4+ years of hands-on experience with Azure, OpenStack, AWS, GCP, or other cloud services
2+ years working with open-source frameworks
Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or equivalent experience

Benefits

Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
Supports flexibility: we provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

Company

GEICO, Government Employees Insurance Company, has been providing affordable auto insurance since 1936. It is a sub-organization of Berkshire Hathaway.

H1B Sponsorship

GEICO has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship: chart (data not available on this page)

Trends of Total Sponsorships (by year):
2025: 128
2024: 277
2023: 338
2022: 212
2021: 148
2020: 205

Funding

Current Stage: Late Stage
Total Funding: unknown
1996-01-01: Acquired

Leadership Team

Todd Combs – Chairman, President, and Chief Executive Officer
Clayton Johnson – Sr. Director of Product Management
Company data provided by crunchbase