
Staff Engineer – Product Security
GEICO
full-time
Posted on:
Location Type: Hybrid
Location: Chevy Chase • California • Maryland • United States
Salary
💰 $105,000 - $230,000 per year
Job Level
About the role
- Work independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications.
- Define and document secure architecture patterns and anti-patterns.
- Perform security architecture design reviews of our products including web applications, services, and mobile applications.
- Define security best practices and standards and partner with Product Development teams to implement them.
- Provide remediation guidance and recommendations to developers and engineers.
- Serve as a technical advisor and consultant to colleagues and/or GEICO leadership on the implementation of the Cybersecurity application security policy and standards.
- Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design.
- Ensure integrity of GEICO mission objectives while protecting GEICO assets from cyber threats and vulnerabilities.
- Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
- Interface with the Product and Cyber Security teams to track security feature enhancement requests.
- Help develop actionable insights, prioritize work based on risk and impact, and allocate resources effectively using GEICO-specific large data sets.
Requirements
- Hands-on product development experience, with strict SLA and SLR, using a mature S-SDLC.
- Direct experience working with development teams to define, develop and document secure solutions.
- Experience breaking down complex systems and applications to find flaws with analysis and threat modeling.
- Strong familiarity with common vulnerabilities and attack vectors.
- Knowledge of web service technologies, load balancer and reverse proxy services (e.g., Nginx, Cloudflare, F5), and RESTful APIs.
- Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL/TLS, etc.) and common authentication protocols (OpenID Connect, OAuth 2.0, SAML, RADIUS, LDAP, Kerberos, etc.).
- Solid understanding of secure network, system, and service design in cloud (Azure, AWS etc.) and conventional environments.
- Understanding and applied use of the OWASP Top 10, the NIST SP 800 series, NIST CSF, FIPS 140-2, ISO 27001, PCI DSS, etc.
- Advanced understanding and knowledge of application development life cycle methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize-and-stabilize, and DevOps/DevSecOps).
- Strong command of strategic and emerging security and cloud technology trends, and the practical application of existing and emerging technologies to new and evolving business and operating models.
- Experience collaborating closely with senior executives on strategic initiatives.
- A background integrating security testing into the SDLC.
- Experience providing security training to developers.
- Ability to find security defects in code written in languages such as Go, Rust, Java, Python, Objective-C, and mobile platform languages.
- Demonstrated experience using DAST and SAST tools and services.
- One or more of the following cybersecurity certifications are highly desired: Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM).