**At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. **
**Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers’ expectations while making a real impact for our company through our shared purpose. **
When you join our company, we want you to feel valued, supported and proud to work here. That’s why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers.
Position Summary
GEICO is seeking an experienced Staff Engineer with a passion for building high performance, low maintenance, zero-downtime platforms, and applications. You will help drive our insurance business transformation as we transition from a traditional IT model to a tech organization with engineering excellence as its mission, while co-creating the culture of psychological safety and continuous improvement.
Position Description
Our Staff Engineers work with our Distinguished Engineers, Sr. Staff Engineers, and Sr. Engineers to innovate and build new systems, improve, and enhance existing systems as well as identify new opportunities to apply your knowledge to solve critical problems. You will lead the strategy and execution of a technical roadmap that will increase the velocity of delivering products and unlock new engineering capabilities.
The Platform and Tools - VMs team is dedicated to realizing a secure, reliable, scalable, and highly efficient next-generation virtual machine lifecycle management and orchestration platform running on Kubernetes.
We are seeking a Staff Engineer, Vulnerability Management Platform & Automation to architect, build, and operate large‑scale automation for vulnerability discovery, prioritization, and remediation—alongside safe, zero‑to‑low downtime OS patch orchestration. You will deliver reliable platforms, services, and tooling that transform manual workflows into self‑service, policy‑driven, and observable software. This role sits at the intersection of security engineering, platform engineering, and software development, and includes meaningful overlap with configuration management work (e.g., infrastructure as code, config policy, and orchestration).
You will own the technical strategy and execution for vulnerability management and patch automation—designing APIs, event‑driven pipelines, controllers, schedulers, and integrations that keep diverse fleets current and compliant. You will partner with Platform/SRE, Security, and application teams to deliver predictable remediation at scale, with strong safety guardrails, telemetry, and SLOs. You will drive standardization, reuse, and paved‑road experiences that accelerate delivery while reducing operational toil.
Position Responsibilities
Technical Leadership
- Define the technical roadmap for vulnerability management and patch automation platforms.
- Establish standards, patterns, and paved roads for scanning, triage, remediation, and verification.
- Mentor engineers across Security and Platform teams on software and systems design best practices.
- Drive design reviews, architecture decisions, and quality gates for reliability and security.
System Design & Implementation
- Design and implement services for asset/CMDB enrichment, risk scoring, and intelligent targeting (by business criticality, exposure, blast radius).
- Build controllers/schedulers for maintenance windows, deployment rings/canaries, pre/post checks, automated backoff/rollback, and progressive delivery.
- Deliver self‑service CLIs/SDKs and internal UIs to request, schedule, and track remediation with clear SLAs and audit trails.
- Implement idempotent, policy‑driven workflows for patching and baseline enforcement across Windows and Linux.
- Integrate with image pipelines (e.g., Packer/golden images) to shift‑left patching and hardening.
- Integrate scanner data (e.g., Tenable/Nessus, Qualys, Rapid7) and external intel (CVSS v3.x, KEV, EPSS) into unified pipelines with deduplication, suppression/exception workflows, and verification.
- Build prioritization engines that combine exploitability, exposure, and business context to drive action.
- Operate and automate patch tooling and package managers (e.g., WSUS/MECM/SCCM, Ansible/Puppet/Chef/Salt, dnf/yum/apt, Winget/MSU) with safety guardrails.
- Enforce CIS Level 1 hardening via policy and code with drift detection and evidence capture.
- Integrate with CMDB and ITSM/ticketing (e.g., Remedy, ServiceNow) for change control, approvals, and auditability.
- Provide APIs/webhooks and event streams for downstream consumers (e.g., SIEM, data lake, dashboards).
- Publish reusable modules, reference implementations, and runbooks to scale adoption.
Strategy & Innovation
- Define the technical roadmap for vulnerability management and patch automation capabilities.
- Evaluate and recommend new tools, data sources, and methodologies (e.g., exploit intel, risk models).
- Drive adoption of best practices for scanning, prioritization, and safe remediation across engineering teams.
- Identify opportunities to reduce operational overhead through standardization, policy, and automation.
- Stay current with industry trends and emerging technologies in vulnerability and patch engineering.
Collaboration & Communication
- Work closely with Platform/SRE, Security, and application engineering teams to plan and execute safe changes.
- Collaborate with product managers and stakeholders to understand risk, requirements, and timelines.
- Communicate complex technical concepts and trade‑offs to both technical and non‑technical audiences.
- Document architecture decisions, patterns, and best practices; present proposals and updates to leadership.
Operational Excellence
- Define and track SLOs for patch compliance, time‑to‑remediate by severity, change success rate, and re‑open rate.
- Implement observability (metrics/logs/traces), health checks, and alerting across the platform.
- Ensure resilience through canaries, rate limiting, circuit breakers, retries with backoff, and safe rollbacks.
- Establish disaster recovery strategies and conduct game days/chaos testing for critical workflows.
- Maintain compliance with security and regulatory requirements; ensure usability, reliability, security, and performance.
- Troubleshoot and resolve complex issues; fulfill on‑call responsibilities appropriate to the platform.
Qualifications
- Strong software engineering background building production services and tooling (Python or Go preferred; TypeScript a plus).
- Deep knowledge of Linux and Windows Server administration and patching in enterprise environments.
- Hands‑on experience with vulnerability scanners and their APIs (Tenable/Nessus, Qualys, Rapid7) and risk models (CVSS, KEV, EPSS).
- Proficiency with configuration management and IaC (Ansible/Puppet/Chef/Salt; Terraform/Pulumi/Crossplane, Helm/Kustomize).
- Experience with event‑driven and batch data pipelines (e.g., Kafka/SNS/SQS/PubSub), relational data stores, and caching.
- Familiarity with cloud (AWS/Azure/GCP), containers/Kubernetes, and image pipelines (e.g., Packer).
- Solid understanding of authN/authZ, secrets management, and least‑privilege access for platforms and automation.
- Excellence in observability and reliability practices (OpenTelemetry/Prometheus/Grafana) with an SLO mindset.
- Strong documentation, communication, and stakeholder management skills.
Experience
- 8+ years of professional software or platform engineering experience, including building and operating automation at scale.
- 6+ years administering or engineering for Windows and/or Linux in enterprise environments.
- 4+ years integrating vulnerability scanners and/or building remediation workflows and platforms.
- 3+ years implementing configuration management or hardening frameworks (CIS, STIG) via policy/code.
- Demonstrated leadership driving cross‑team adoption and measurable risk reduction.
- 4+ years of hands-on experience with Azure, OpenStack, AWS, GCP, or other cloud services.
- 2+ years working with open-source frameworks.
Education
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent experience.
Annual Salary
$110,000.00 - $230,000.00
The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.
GEICO will consider sponsoring a new qualified applicant for employment authorization for this position.
The GEICO Pledge:
Great Company: At GEICO, we help our customers through life’s twists and turns. Our mission is to protect people when they need it most and we’re constantly evolving to stay ahead of their needs.
We’re an iconic brand that thrives on innovation, exceeding our customers’ expectations and enabling our collective success. From day one, you’ll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people’s lives.
Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs, created with your career – and your potential – in mind. You’ll have access to industry leading training, certification assistance, career mentorship and coaching with supportive leaders at all levels.
Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action and a winning mindset. Grounded by our core values, we have an an established culture of caring, inclusion, and belonging, that values different perspectives. Our teams are led by dynamic, multi-faceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose.
As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers.
Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health and financial future.
- Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
- Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
- Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
- Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.
GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.