Network Security Distinguished Engineer

GEICO is seeking a Network Access Security Distinguished Engineer to provide security specific strategic and technical direction for our identity and access management solutions with a focus on Zero Trust Network Access (ZTNA). This individual will play a lead role within GEICO’s Cybersecurity team, with a focus on defensive and protective controls, compliance and governance automation and driving modernization in our identity strategy.

Our Distinguished Engineer will be the technical and engineering lead for a team of engineers who proactively and holistically deliver secure access configurations, threat detections, by building strategic partnerships based upon the Cyber Security IAM roadmap and create automated proof and validation of our controls. You will help our business transformation as we transition from a traditional IT Security model to a tech organization with engineering excellence as its mission, while co-creating a culture of leveraging security to enable the business and protecting against the latest threats.

You will innovate and lead new initiatives, improve Security, enhance existing systems while also identifying new opportunities with an offensive security mindset to find critical problems and solve at a rapid pace. You will help lead the confirmation that our systems are protected through automated testing and continuous monitoring and automated threat remediation to raise the bar and foster a proactive security culture which also enables the business without impact. The ideal candidate has deep technical expertise in this domain and an attacker/defender adversarial background.

​​​As a Distinguished Engineer, you will: 

• Influence and educate staff at all levels to bring a security minded approach to difficult challenges balancing usability and security.
• Provide technical guidance and mentorship to the team, fostering a culture of innovation, collaboration, and continuous improvements.
• Collaborate with cross-functional leaders, team members, IAM engineering, Network Engineering, and peer security teams to solve complex problems with minimal business impact.
• Proactively identify opportunities to enhance security measures, streamline processes, and optimize tooling to fortify our environment against emerging threats.
• Approach all access with a "least privilege" and "zero trust" mindset and enforce that philosophy through detective and protective technical controls.
• Deliver automation initiatives, conduct advanced research, and develop proofs of concept to enhance our security capabilities and improve overall efficiency.
• Help develop and implement engineered automation to ensure compliance with industry regulations and frameworks and enable/present proof of these services to interested parties in a low-friction and self-service manner.
• Work with our business partners to help derive and validate mitigation techniques for identified threats and/or non-compliance.
• ​​Define roadmaps for securing various identities with purposeful and functional security without impacting or unnecessary overhead.
• Automated adversarial testing of our identity systems to ensure detection mechanisms function appropriately and efficiently.
• Provide motivating demonstrations and communications to show the value of our security measures to the business, highlighting the low impact on systems, improved operability and resiliency.

Qualifications

• Extensive experience in identity security products and protocols such as MFA, Kerberos, ZTNA access services, VPN clients.
• Extensive experience in designing and optimizing complex firewall ACL configurations.
• Experience building and designing (architecture, design patterns, reliability, and scaling) of security systems with micro-services and extensible REST APIs.
• Experience communicating and presentation to senior and junior staff with the ability to influence stakeholders.
• Experience in a multi-platform environment with Linux, Mac, Windows.
• Experience in ZTNA technologies from companies  such as Zscaler, Palo Alto, Cisco, Cloudfare, etc.
• Experience in implementing, administering and troubleshooting web access firewall and network proxy solutions.
• Experience in implementing a remote access solution leveraging least privilege principles, providing access based upon a person's role in the organization.
• ​Experience with solving security control requirements with engineering approaches.
• ​Ability to excel in a fast-paced, startup-like environment.
• Ability to design, perform experiments, and influence security detection and protection solutions.
• Strong knowledge of industry-standard security tools, frameworks, and best practices including ITDR, EPM, MITRE, CIS and NIST.
• Fluency and specialization with at least one modern language such as Python or Go.
• In depth expertise in cryptographic protocols, digital certificates, and encryption standards such as X.509, Transport Layer Security (TLS), and Advanced Encryption Standard (AES).
• Experience working with auditors and demonstrating security controls.

Experience

• 8+ years in a dedicated security role, preferably in the tech industry
• 5+ years of network engineering experience with an emphasis on network security
• 3+ years of experience with security, identity, architecture, and design
• 3+ years of experience with AWS, GCP, Azure, or other cloud providers preferred
• 3+ years in a senior role influencing company direction on security.
• Hands on experience with practical examples in designing a Zero Trust Network Access model with emphasis on least privilege security, globally and highly available access, and strong detective and protective security controls. 
• Experience applying security controls to exceed third party attestation requirements (PCI, SOC, …).

Education

• Bachelor’s degree in Computer Science, Cyber Security, or equivalent education with work experience
• Third party certifications on penetration testing/ethical hacking, exploit detection and evasion techniques, and related.

 

Annual Salary

$150,000.00 - $300,000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

 

At this time, GEICO will not sponsor a new applicant for employment authorization for this position.

 

Benefits:

As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:

• Premier Medical, Dental and Vision Insurance with no waiting period**
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Assistance
• Paid Training and Licensures

*Benefits may be different by location.  Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.