Sr Staff Engineer of Collaboration and DLP Security

GEICO is seeking a Sr Staff Engineer of Collaboration and DLP Security to provide strategic and technical direction for our user, development and production environments. You will proactively and holistically drive, lead, and support, Security detection and prevention strategies with proof and validation of our controls in the various messaging platforms and data loss prevention technologies.

We see collaboration as a combination of traditional email, modern chat and conferencing systems our users and partners use every day. From users, third-party, production systems or elsewhere to integrations and governing our identified policies.  We need an expert to join our team and apply high confidence, low friction security across the collaboration spectrum.

Our Sr Staff Engineer works with Staff and Sr. Engineers to innovate and lead new initiatives, improve Security, and enhance existing systems while also identifying new opportunities with an insider threat mindset to find critical risk and solve at a rapid pace. You will help lead the confirmation our systems are protected through continuous improvement and automated testing to raise the bar and foster a proactive security culture which also enables the business without impact. The ideal candidate has deep technical expertise in this domain and an attacker/defender adversarial background.

Job Responsibilities

​​​As a Sr Staff Engineer, you will: 

• Design, implement, and develop advanced email security solutions to protect email systems from cyber threats, including phishing, malware, data exfiltration and other attacks.

• Monitor and analyze traffic for signs of malicious activity, employing advanced threat detection techniques.

• Help to develop and enforce messaging security policies, standards, and procedures with automation and the support your team.

• Conduct regular security assessments without disrupting the operational excellence of various messaging systems.

• Provide expert guidance and recommendations on collaboration security best practices to stakeholders.

• Works in lockstep with our CSIRT teams to ensure protection coverages, proper detection event notifications, documentation and standards we can all use.

• Determine and implement DLP improvements and enhancements to increase data security and efficiency.

• Ensure compliance with data protection laws, regulations, and standards, such as GDPR, CCPA, HIPAA, and PCI DSS.

• Generate and deliver reports and metrics to management and stakeholders on the effectiveness of our protective solutions in messaging and data loss prevention.

• Define roadmaps for securing collaboration system with purposeful and functional security without impacting or unnecessary overhead.

• Proactively identify opportunities to enhance security measures, streamline processes, and optimize tooling to fortify our environment against emerging threats.

• Help develop and implement policies, standards, and guidelines to ensure compliance with industry regulations and frameworks, promoting security as an integral part of our operation by partnering with external teams and their leadership.

• Deliver automation initiatives, conduct advanced research, and develop proofs of concept to enhance our security capabilities and improve overall efficiency.

Qualifications:

• Extensive experience in security products and frameworks: SEG, O365, CASB, DLP, DSPM and related endpoint controls.

• Experience with data protection laws, regulations, and standards.

• Experience communicating and presentation to senior and junior staff with the ability to influence stakeholders.

• Experience in a multi-platform environment with Linux, Mac, Windows.

• In-depth knowledge of email security protocols (e.g., SMTP, DMARC, DKIM, SPF) and encryption technologies.

• Proficiency with email, CASB and DLP security tools and platforms (e.g., Proofpoint, Mimecast, Abnormal, ForcePoint, Microsoft Defender, Zscaler)

• Experience with multiple IaaS platforms from top tier providers.

• ​Experience with solving security control requirements with engineering approaches.

• ​Ability to excel in a fast-paced, startup-like environment.

• Ability to design, perform experiments, and influence security detection and protection solutions.

• Strong knowledge of industry-standard security tools, frameworks, and best practices including Mitre, CIS and NIST.

• Demonstratable proficiency in common scripting languages with examples of automation at scale.

• Strong understanding of cyber threat intelligence and incident response processes

Experience:

• 5+ years in a dedicated security role, preferably in the tech industry

• 3+ years in email security, with a strong focus on threat detection and mitigation

• 3+ years of experience in DLP administration or data security

• 3+ years in a senior role influencing company direction on security

• Knowledge of the monitoring and analysis of alerts and events using related detection tools and dashboards

• Knowledge of investigation and resolution of technology related incidents and breaches and escalation procedures

• Experience applying security controls to exceed third party attestation requirements (PCI, SOC, …).

Education:

• Bachelor’s degree in Computer Science, Cyber Security, or equivalent education with work experience.

• Third party certifications such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or similar are highly desirable.

• Penetration testing/ethical hacking, exploit detection and evasion techniques, and related experience preferred.

 

Annual Salary

$130,000.00 - $260,000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

 

GEICO will consider sponsoring a new qualified applicant for employment authorization for this position.

 

Benefits:

As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:

• Premier Medical, Dental and Vision Insurance with no waiting period**
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Reimbursement
• Paid Training and Licensures

*Benefits may be different by location.  Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.