Identity Security Distinguished Engineer (REMOTE)
MD Chevy Chase (Office) - JPS
GEICO is seeking an Identity Security Distinguished Engineer to provide security specific strategic and technical direction for our identity and access management solutions with our user, development and production domains. This individual will play a lead role within GEICO’s Cybersecurity team, with a focus on defensive and protective controls, compliance and governance automation and driving modernization in our identity strategy.
Our Distinguished Engineer will be the technical and engineering lead for a team of engineers who proactively and holistically deliver secure IAM configuration, threat detection, strategic partnership on the IAM roadmap and create automated proof and validation of our controls. You will help our business transformation as we transition from a traditional IT Security model to a tech organization with engineering excellence as its mission, while co-creating a culture of leveraging security to enable the business and protecting against the latest threats.
You will innovate and lead new initiatives, improve Security, enhance existing systems while also identifying new opportunities with an offensive security mindset to find critical problems and solve at a rapid pace. You will help lead the confirmation our systems are protected through automated testing and continuous improvement to raise the bar and foster a proactive security culture which also enables the business without impact. The ideal candidate has deep technical expertise in this domain and an attacker/defender adversarial background.
Job Responsibilities
As a Distinguished Engineer, you will:
Influence and educate staff at all levels to bring a security minded approach to difficult challenges balancing usability and security.
Provide technical guidance and mentorship to the team, fostering a culture of innovation, collaboration, and continuous improvements.
Collaborate with cross-functional leaders, team members, IAM engineering, and peer security teams to solve complex problems with minimal business impact.
Proactively identify opportunities to enhance security measures, streamline processes, and optimize tooling to fortify our environment against emerging threats.
Deliver automation initiatives, conduct advanced research, and develop proofs of concept to enhance our security capabilities and improve overall efficiency.
Help develop and implement engineered automation to ensure compliance with industry regulations and frameworks which demonstrates without manual efforts.
Work with our business partners to help derive and validate mitigation techniques for identified threats and/or non-compliance.
Define roadmaps for securing various identities with purposeful and functional security without impacting or unnecessary overhead.
Automated adversarial testing of our identity systems to ensure detection mechanisms function appropriately and efficiently.
Provide motivating demonstrations and communications to show the value of our security measures to the business, highlighting the low impact on systems, improved operability and resiliency.
Qualifications:
Extensive experience in identity products and protocols products Active Directory, Kerberos, LDAP, SAML, SCIM, OAuth, and OIDC.
Deep skills in privileged access management tools and services (build/buy).
Extensive experience in offensive and defensive security roles, with a strong hacker mindset.
Experience building and designing (architecture, design patterns, reliability, and scaling) of security systems with micro-services and extensible REST APIs.
Experience communicating and presentation to senior and junior staff with the ability to influence stakeholders.
Experience in a multi-platform environment with Linux, Mac, Windows.
Experience with multiple IaaS platforms from top tier providers.
Experience with solving security control requirements with engineering approaches.
Ability to excel in a fast-paced, startup-like environment.
Ability to design, perform experiments, and influence security detection and protection solutions.
Strong knowledge of industry-standard security tools, frameworks, and best practices including ITDR, EPM, MITRE, CIS and NIST.
Demonstrated fluency and specialization with at least one modern language such as Python or Go.
In depth expertise in cryptographic protocols, digital certificates, and encryption standards such as X.509, Transport Layer Security (TLS), and Advanced Encryption Standard (AES).
Experience working with auditors and demonstrating security controls.
Experience:
8+ years in a dedicated security role, preferably in the tech industry
5+ years of experience with security, identity, architecture, and design
5+ years of experience with open-source frameworks is desired.
3+ years of experience with AWS, GCP, Azure, or other cloud providers
3+ years in a senior security role, preferably architecture, influencing company direction on security strategy.
Education with practical examples in penetration testing, writing test scripts and determining countermeasures.
Experience applying security controls to exceed third party attestation requirements (PCI, SOC, …).
Desired certifications: CISSP, CISA, CISM, CCSK, CCSP, CEH, C|CISO and related GIAC.
Education:
Bachelor’s degree in Computer Science, Cyber Security, or equivalent education with work experience
Third party certifications on penetration testing/ethical hacking, exploit detection and evasion techniques, and related.
Annual Salary
$150,000.00 - $300,000.00The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.
Benefits:
As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:
- Premier Medical, Dental and Vision Insurance with no waiting period**
- Paid Vacation, Sick and Parental Leave
- 401(k) Plan
- Tuition Reimbursement
- Paid Training and Licensures
*Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.
**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.
GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.
ApplyJob Profile
Dental Health and well-being Medical Paid training Paid Training and Licensures Paid Vacation Parental leave Total Rewards Program Tuition reimbursement Vision Vision Insurance
Tasks- Automate compliance
- Automation
- Collaborate with cross-functional leaders
- Collaborate with cross functional teams
- Conduct advanced research
- Enhance existing systems
- Enhance security measures
- Lead IAM engineering team
- Provide security direction
- Provide technical guidance
- Provide technical guidance and mentorship
- Streamline processes
Access Management Active Directory AES APIs Architecture Automated Testing Automation AWS Azure Building C Cloud Collaboration Compliance automation Continuous Improvement Cryptographic protocols Cybersecurity Defensive controls Design Design Patterns Digital certificates Encryption Encryption Standards Engineering GCP Go Governance Governance automation IaaS IAM configuration Identity security Kerberos LDAP Linux Mentorship Micro-services OAUTH Offensive Security OIDC Organization Presentation Privileged Access Management Python Reliability REST REST APIs SAML SCIM Security Security culture Threat Detection TLS Windows
Experience10 years
EducationComputer Science Equivalent Equivalent Education Work experience
Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9