GEICO

Staff Security Engineer - Vulnerability Management (REMOTE)

GEICO

full-time

Posted on:

Origin:  • 🇺🇸 United States

Visit company website
AI Apply
Manual Apply

Salary

💰 $115,000 - $230,000 per year

Job Level

Lead

Tech Stack

AWSAzureCloudCyber SecurityGoogle Cloud PlatformLinuxPythonSDLC

About the role

  • Own and lead the end-to-end Vulnerability Management lifecycle, including discovery, prioritization, remediation, and reporting.
  • Develop and execute a long-term strategy for vulnerability management, incorporating emerging threats, industry best practices, and new technologies.
  • Serve as a subject matter expert on vulnerability scanning tools (e.g., Tenable.io, Qualys, CrowdStrike), penetration testing methodologies, and threat modeling.
  • Conduct in-depth analysis of vulnerability data to identify critical risks and provide actionable recommendations to engineering and business teams.
  • Drive the automation of vulnerability discovery and remediation processes to improve efficiency and reduce manual effort.
  • Partner with development, DevOps, and infrastructure teams to integrate security into the SDLC (Software Development Life Cycle) and foster a "shift-left" security approach.
  • Create and present clear, concise reports on the state of the vulnerability program to senior leadership, highlighting key risks, progress, and strategic initiatives.
  • Mentor and guide junior security engineers, sharing knowledge and expertise to help them grow their skills and careers.
  • Collaborate with the Incident Response team to provide critical context and support during security incidents.
  • Ensure the vulnerability management program meets regulatory and compliance requirements (e.g., PCI DSS, SOX).

Requirements

  • 6+ years of experience in cybersecurity, with at least 4 years specifically focused on vulnerability management.
  • Expertise with leading vulnerability scanning platforms (e.g., Tenable.io, Qualys, Rapid7).
  • Strong understanding of network protocols, operating systems (Windows, Linux), and cloud environments (AWS, Azure, GCP).
  • Proficiency in scripting languages (e.g., Python, PowerShell) for automation.
  • Knowledge of secure coding practices and common web application vulnerabilities (OWASP Top 10).
  • Excellent written and verbal communication skills, with the ability to articulate complex technical issues to both technical and non-technical audiences.
  • Proven leadership and mentorship abilities.
  • Strong analytical and problem-solving skills.
  • Ability to work effectively in a fast-paced, dynamic environment.
  • Professional security certification (e.g., CISSP, CCSP, CSSLP) is a plus.