GEICO

Staff Cyber Security Engineer - GRC Automation (REMOTE)

full-time

Origin: 🇺🇸 United States

Salary

💰 $110,000 - $230,000 per year

Job Level

Lead

Tech Stack

AWS, Azure, Cloud, Cyber Security, Distributed Systems, Docker, Google Cloud Platform, Java, JavaScript, Kubernetes, NoSQL, Python, SQL, TypeScript

About the role

  • Lead the development of an automated continuous compliance platform for the GEICO Cybersecurity Governance team. The platform enables real-time evidence collection, identifies non-compliance with policies early, and provides the team with remediation guidelines in an automated, scalable way to reduce audit fatigue and improve the developer experience.
  • Collaborate with developers, engineers, and compliance and security teams across GEICO to institute the programmatic controls vital for the program.
  • Partner with application security, platform security, SRE, central security and compliance groups at GEICO to craft and roll out controls and processes, automate the collection of evidence, and create dashboards of GEICO's security posture.
  • Lead Cyber Governance automation for automated evidence collection and reporting on adherence to information security policies.
  • Design the Automated Governance Solution, including creating requirements and partnering with key stakeholders to implement the solution.
  • Maintain, mature and enhance the Automated Governance Solution to attain high NPS scores.
  • Provide technical leadership for Cyber Governance program strategy, automation, and integration with Cyber and IT technologies and services.
  • Execute on the Automated Governance Platform with an understanding of the information security policies, security standards, security technologies, GEICO's environment (multi-cloud, on-prem) and compliance obligations.
  • Collaborate with engineering teams to define the overall system architecture, ensuring scalability and performance optimization.
  • Collaborate across teams and across the organization to solve our toughest problems
  • Solve audit fatigue and improve operational rigor
  • Ensure we meet regulatory compliance with evidence in a scalable manner
  • Determine complementary products and solutions to scale and expedite overall automation goals
  • Partner with cloud technical teams (Azure, GCP, AWS, etc.) to deliver a successful outcome
  • Influence and educate partner teams to bring an engineering-first approach to developing sustainable processes that adhere to policies
  • Be comfortable rolling up your sleeves to design and code for automated, continuous compliance
  • Solve specific security and business problems through automation, writing code and integrating cloud-native tools via API.
  • Work closely with various teams to drive feature innovation based upon customer needs.
  • Utilize programming languages like Python, C# or other object-oriented languages, SQL, and NoSQL databases, Container Orchestration services including Docker and Kubernetes, and a variety of Azure tools and services
  • Follow GEICO's developer standards and guidelines
  • Triage product or system issues and debug, track and resolve them by analyzing the sources of issues and their impact on dependent systems
  • Be a role model and mentor, helping to coach and strengthen the technical expertise and know-how of our engineering and product community
  • Influence and educate executives
  • Consistently share best practices and improve processes within and across teams
  • Determine and support resource requirements, evaluate operational processes, measure outcomes to ensure desired results, demonstrate adaptability and sponsor continuous learning

Requirements

  • 6+ years of professional software engineering experience
  • 3+ years of experience with architecture and design
  • 2+ years of experience with AWS, GCP, Azure, or another cloud service
  • 2+ years of experience with open-source frameworks
  • Professional security certifications (e.g., CISSP, CCSP, CSSLP) are a plus
  • Expertise with security standards such as SOX, PCI-DSS, ISO27K, SOC or NIST (some combination of these is ideal)
  • Understanding of cloud and open-source distributed systems is ideal