Senior Staff Engineer, Offensive Security (REMOTE) Base pay range: $120,000.00/yr - $260,000.00/yr

At GEICO , we offer a rewarding career where your ambitions are met with endless possibilities. The GEICO Pledge emphasizes Great Company, Great Culture, Great Rewards and Great Careers.

As a Senior Staff Engineer of Offensive Security, you will be at the forefront of our cybersecurity strategy for penetration testing, advanced attack simulations, and enabling the organization to prevent, detect, and respond to cyber threats. You will shape our security posture, collaborating with senior leadership to influence risk decisions and ensure regulatory readiness.

We seek a hands-on engineer with deep technical expertise in penetration testing, real-world adversary tactics, and risk frameworks who can drive measurable improvements in cyber resilience. The role includes leading the team in offensive security functions (red and purple teaming) and integrating penetration testing within company processes. You will work with stakeholders across the company to elevate security engineering through automation and innovative approaches, and ensure alignment with industry regulations and compliance standards.

You will simulate real-world cyberattacks to strengthen defenses and influence security strategy across the organization.

Responsibilities

Strategic and tactical leadership for penetration testing, red teaming, and collaboration with defensive security teams (purple teaming).

Conduct tactical security assessments of applications (web, mobile, APIs, and AI products) against OWASP Top 10, working with the Application Security team to increase automated capabilities.

Design and execute advanced threat emulation scenarios across physical, social, and digital vectors.

Ensure penetration testing activities meet security, business, and compliance objectives.

Guide risk assessment, prioritization, reporting, and remediation of vulnerabilities through automation.

Collaborate with Blue Teams, Threat Intelligence, and Risk Management for comprehensive attack coverage.

Align operations with industry regulations and standards (e.g., NIST, PCI DSS, NYDFS).

Champion continuous improvement and innovation in penetration testing and adversary simulation.

Represent Offensive Security in senior leadership and audit discussions as a subject matter expert.

Provide technical leadership for 3rd party penetration testing programs and vendor testing oversight.

Required Qualifications

Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit) and custom scripts (Python, PowerShell).

Advanced understanding of OWASP, MITRE ATT&CK, SDLC, threat modeling, red/purple teaming, and attack path development.

Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, AutoSploit.

Relevant professional security certifications (e.g., GIAC or equivalent).

Proven ability to drive results through automation and best practices.

Proven track record delivering outcomes for regulatory and compliance obligations.

Ability to mentor offensive security engineers across functions (penetration testing, red team, purple team).

Preferred Qualifications

OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs.

GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus.

Broad knowledge of OS security, networking, firewalls, databases, forensics, scripting and programming.

Advanced knowledge of Linux/Mac/Windows, AWS/Azure cloud environments, and cloud-native resources (containers, Kubernetes, microservices, serverless).

Experience with reverse engineering on mobile apps, including anti-emulation/obfuscation protections.

Required Experience

10+ years in engineering-focused roles, preferably tech industry.

8+ years in offensive security (penetration testing, red team, purple team).

5+ years hands-on experience performing penetration testing, red team, and purple team activities.

4+ years of experience with Azure, AWS, GCP or other cloud providers.

Senior-level experience influencing company direction on security.

Experience applying security controls to meet third-party attestation requirements (PCI, NYDFS, SOX, etc.).

Education

Bachelor’s degree in Cybersecurity, Computer Science or related field.

Annual Salary $120,000.00 - $260,000.00

The above annual salary range is a general guideline. Final offer depends on factors including scope of role, experience, education, location, and market considerations.

GEICO will not sponsor new employment authorization for this position at this time.

The GEICO Pledge Great Company: We help customers through life’s twists and turns and stay ahead of their needs. We value growth and collaboration.

Great Careers: We offer development programs, certifications, mentorship, and coaching.

Great Culture: We foster an inclusive, respectful culture with integrity and performance excellence.

Great Rewards: We provide comprehensive compensation and benefits, including a Total Rewards program and flexibility options.

Comprehensive Total Rewards tailored to you and your family.

Competitive compensation, 401K with a 6% match, incentives, and tuition assistance.

Access to mental health, fertility and adoption support.

Flexible work arrangements including GEICO Flex program (work from anywhere in the US up to four weeks per year).

The GEICO equal employment opportunity policy ensures fair and equal opportunity for all associates and applicants in compliance with applicable laws. GEICO supports reasonable accommodations for qualified individuals with disabilities where it does not impose an undue hardship.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Finance and Sales

Industries

Insurance

Referrals increase your chances of interviewing. Get notified about new Senior Financial Engineer jobs in Seattle, WA.

#J-18808-Ljbffr