Sr. Staff Security Operations Engineer, VM & Offensive Security

Description:

• Lead efforts to identify, plan, and deliver program security outcomes across Vulnerability Management and Offensive Security.
• Monitor and track signals of security gaps, initiative delays, compliance risks due to system issues, and drive resolution.
• Create visuals on current performance and risk indicators related to Vulnerability Management & Offensive Security initiatives and operations.
• Help to develop standards on reporting Vulnerability Management & Offensive Security tool effectiveness, maturity, resilience and other factors in determining risks as they come up.
• Help drive automation of routine tasks to drive growth in security protection and detection technologies.
• Provide expert guidance, demonstrations and lead discussions on security best practices to stakeholders and leadership.
• Works in lockstep with our CSIRT, GRC, Platform Security, Development/Product organizations and Technology partner teams to ensure protection coverages, proper detection event notifications, documentation and standards we can all use.
• Organize, store and manage operational best practices documentation for security solutions to protect our business products and assets in a hybrid environment (on-prem and multi-cloud).
• Partner with the project sponsors, delivery teams, and stakeholders to deliver quality solutions on time and within budget by coordinating project activities across multiple systems, departments, and teams.
• Create, maintain, and actively manage a detailed project schedule, change control process, and documentation.
• Identify and raise appropriate security risks, in addition to presenting detailed and implementable solutions or alternatives and drive those campaigns to resolution.
• Drive vendor management Manage by identifying vendors, coordinating vendor activities, and working with Sourcing to develop statement of work and procure services.

Requirements:

• Demonstrated understanding of vulnerability management and offensive security tooling and practices including – vulnerability scanning of infrastructure, penetration testing, red/purple teaming, risk assessment, prioritization, and remediation of vulnerabilities.
• Familiar with CVEs, CWEs, CVSS, and OWASP projects - Web Top Ten, API Top Ten, Mobile Top Ten, and OWASP AI.
• Knowledge of data access languages such as SQL and GraphQL and the ability to construct queries against data sources.
• Extensive experience in engineering and solution delivery in a dynamic service provider environment.
• Strong knowledge of project management methodologies and best practices.
• Proven track record of successfully managing large/complex projects across cross-functional teams, building processes and coordinating delivery
• Working knowledge of security services and their impact on production systems including runtime protection services, detective and protective agents and/or daemon sets, vulnerability and application scanning, etc.
• Experience in a multi-cloud environment including AWS, Azure, and/or Google Cloud.
• Experience communicating and presenting to senior and junior staff with the ability to influence development partners and stakeholders.
• Detail and deadline oriented with effective organizational and analytic skills
• Strong critical thinking, problem solving, decision making, and analytical skills
• Outstanding time management skills and attention to detail
• Excellent verbal/written communication skills, including the ability to clearly document findings, proposals, issues, and status
• Self-motivated and able to work independently while coordinating activities with cross-divisional teams
• Effective leadership qualities, ability to influence without direct management authority
• Ability to excel in a fast-paced, startup-like environment
• Knowledge of industry-standard security control frameworks and compliance standards including NIST, PCI, SOX, NYDFS.Preferred Qualifications:Knowledge in a hybrid cloud environment such including Containerization, VMs, CI/CD pipeline, IaCExperience defining KPI’s/SLAs used to drive multi-million-dollar businesses and reporting to senior leadership .Experience 10+ years in engineering focused role, preferably in the tech industry4+ years of experience with AWS, GCP, Azure, or other cloud providers4+ years in a senior role influencing company directionExperience applying engineering to meet or exceed third party attestation requirements (PCI, SOX, …).

Benefits:

• The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers.
• Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
• Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
• Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
• Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

Apply tot his job Apply To this Job