Geico - Chevy Chase, MD
posted about 2 months ago
GEICO is seeking an experienced Staff Engineer to provide enterprise support for application security in our hybrid, multi-cloud environments. In this senior-level position, you will proactively and holistically lead and support Application Security activities that guide the design, development, and security of code and code repositories for cloud-hosted and open-source applications. Your role will involve implementing solutions that include CI/CD integrations, SAST, DAST, IaC, SCA, secure cloud platform engineering, and automated threat modeling.
As the Application Security Staff Engineer, you will work closely with development teams, product teams, and other teams across the organization to integrate security into the product lifecycle. You will be a subject matter expert in defining security requirements, secure application design, performing application security assessments, threat modeling, and providing developers with remediation guidance and solutions. On any given day, you may evaluate a new system, review a proposed application design, or provide solutions for application security and coding best practices.
Your responsibilities will include working independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications. You will define and document secure architecture patterns and anti-patterns, perform security architecture design reviews of products including web applications, services, and mobile applications, and define security best practices and standards to partner with Product Development teams for implementation.
Additionally, you will serve as a technical advisor and consultant to colleagues and GEICO leadership on the implementation of the Cybersecurity application security policy and standards, providing technical thought leadership for integration decisions, and ensuring the integrity of GEICO mission objectives while protecting GEICO assets from cyber threats and vulnerabilities.