Job posting has expired

Principal Engineer - Application Security (REMOTE)

GEICO
vision insurance, parental leave, tuition reimbursement, 401(k)
United States, Maryland, Chevy Chase
Jul 14, 2023

GEICO is seeking a Principal Engineer - Application Security to provide enterprise guidance for application security for our hybrid, multi-cloud environments. The Application Security Engineer proactively and holistically leads and supports Application Security activities that guide the design, development and security of code and code repositories for cloud-hosted applications. Solutions include CI/CD integrations, SAST, DAST, IAST, SCA, secure cloud platform engineering, and automated threat modeling.

The Principal Engineer - Application Security provides the leadership, analysis and design work needed to support the development of secure applications while ensuring that solutions meet business needs and align with architectural governance and standards. They create deliverables for managing the organization's portfolio of "to be" and "as is" cloud application security capabilities - including systems (applications, processes, information and technology), shared infrastructure services, and shared application services and components to enable and drive targeted business outcomes.

Key Responsibilities

  • The Principal Engineer of Application Security will be responsible for designing, implementing, and operating (administer, maintain, and optimize) the security technology infrastructure that enables us to best identify, prevent, plan, and remediate vulnerabilities in our applications

  • Understand current and future state security capabilities to determine enterprise security designs and requirements to drive targeted outcomes

  • Hands-on experience in application and product security tooling and technology like SAST, DAST, SCA, API, container security, and cloud security posture management

  • Lead developers and testers in security activities during product lifecycle such as secure design reviews/threat modeling, security code reviews, security test planning, and security code hardening, to help identify potential vulnerabilities.

Qualifications

  • 7+ years planning and designing application security, cloud security, systems security, or platform security

  • 3+ years of experience in at least two security solution design and development disciplines, including technical or security infrastructure architecture, cloud security, network security management, secure application development or secure cloud development.

  • 2+ years of experience working with CI/CD integrations for Static/Dynamic/Interactive Security Testing, Software Composition Analysis for web and mobile applications

  • Understanding of threats, threat modeling, and the applicability to our business systems

  • Experience working with enterprise and cloud network security stacks such as cloud firewalls, Web App Firewalls and CASB in an application environment

  • Knowledge of various development languages like .NET, Java, Python, JavaScript

  • Knowledge of various managed and database technologies like Cosmos, SQL, MySQL, MongoDB

  • Excellent understanding and knowledge of application development life cycle methodologies such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps

  • Strong command of strategic and emerging security / cloud / application security trends, and the practical application of existing and emerging technologies to new and evolving business and operating models.

  • Understanding and applied use of OWASP Top 10, NIST CSF, PCI-DSS, etc.

  • Experience working closely with senior executives on strategic initiatives

Benefits

At GEICO, we make sure you have the support and resources to leverage and develop your skills, secure your financial future, and take care of your health and well-being. GEICO continually seeks to provide a workplace where everyone can be their authentic self. To help achieve this goal, we support associate-led Employee Resource Groups that foster a true sense of community. Through GEICO's competitive benefits offerings and various training and development opportunities, we have you covered with our Total Rewards Program* that includes:

  • Premier Medical, Dental and Vision Insurance with no waiting period**
  • Paid Vacation, Sick and Parental Leave
  • 401(k) Plan
  • Tuition Reimbursement
  • Paid Training and Licensures

*Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

GEICO is proud to be an equal opportunity employer. We are committed to cultivating an environment where equal employment opportunities are available to all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO celebrates diversity and believes it is critical to our success. As such, we are committed to recruiting, developing and retaining the most talented individuals to join our team.

Annual Salary

$100,000.00 - $204,500.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, the work location as well as market and business considerations.

Full time
