Staff Engineer - Vulnerability Management Automation (Platform and Tools - VMs)

GEICO
Dallas, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$230K

Job location

Dallas, United States of America

Tech stack

Microsoft Windows
API
Amazon Web Services (AWS)
Application Frameworks
Audit Trail
Azure
Configuration Management Databases
Configuration Management
Computer Security
Information Systems
Data Deduplication
Relational Databases
Linux
Digital Architecture
Python
System Center Configuration Manager
Windows Server
OpenStack
Package Management Systems
Cloud Services
Ansible
Prometheus
Security Information and Event Management
Software Engineering
Systems Integration
TypeScript
Virtual Machines
Software Vulnerability Management
Pulumi
Google Cloud Platform
Grafana
Caching
Infrastructure as Code (IaC)
Data Lake
Kubernetes
Information Technology
Nessus
Kafka
Puppet
Terraform
Webhooks
Data Pipelines
WSUS
Qualys
ServiceNow
Vulnerability Analysis

Job description

GEICO is seeking an experienced Staff Engineer with a passion for building high-performance, low-maintenance, zero-downtime platforms and applications. You will help drive our insurance business transformation as we transition from a traditional IT model to a tech organization with engineering excellence as its mission, while co-creating a culture of psychological safety and continuous improvement.

Our Staff Engineers work with our Distinguished Engineers, Sr. Staff Engineers, and Sr. Engineers to innovate and build new systems, improve and enhance existing systems, and identify new opportunities to apply your knowledge to solve critical problems. You will lead the strategy and execution of a technical roadmap that will increase the velocity of delivering products and unlock new engineering capabilities.

The Platform and Tools - VMs team is dedicated to realizing a secure, reliable, scalable, and highly efficient next-generation virtual machine lifecycle management and orchestration platform running on Kubernetes.

  • Define the technical roadmap for vulnerability management and patch automation platforms.

  • Establish standards, patterns, and paved roads for scanning, triage, remediation, and verification.
  • Mentor engineers across Security and Platform teams on software and systems design best practices.
  • Drive design reviews, architecture decisions, and quality gates for reliability and security.

System Design & Implementation

  • Design and implement services for asset/CMDB enrichment, risk scoring, and intelligent targeting (by business criticality, exposure, blast radius).
  • Build controllers/schedulers for maintenance windows, deployment rings/canaries, pre/post checks, automated backoff/rollback, and progressive delivery.
  • Deliver self-service CLIs/SDKs and internal UIs to request, schedule, and track remediation with clear SLAs and audit trails.
  • Implement idempotent, policy-driven workflows for patching and baseline enforcement across Windows and Linux.
  • Integrate with image pipelines (e.g., Packer/golden images) to shift-left patching and hardening.
  • Integrate scanner data (e.g., Tenable/Nessus, Qualys, Rapid7) and external intel (CVSS v3.x, KEV, EPSS) into unified pipelines with deduplication, suppression/exception workflows, and verification.
  • Build prioritization engines that combine exploitability, exposure, and business context to drive action.
  • Operate and automate patch tooling and package managers (e.g., WSUS/MECM/SCCM, Ansible/Puppet/Chef/Salt, dnf/yum/apt, Winget/MSU) with safety guardrails.
  • Enforce CIS Level 1 hardening via policy and code with drift detection and evidence capture.
  • Integrate with CMDB and ITSM/ticketing (e.g., Remedy, ServiceNow) for change control, approvals, and auditability.
  • Provide APIs/webhooks and event streams for downstream consumers (e.g., SIEM, data lake, dashboards).
  • Publish reusable modules, reference implementations, and runbooks to scale adoption.

Strategy & Innovation

  • Define the technical roadmap for vulnerability management and patch automation capabilities.
  • Evaluate and recommend new tools, data sources, and methodologies (e.g., exploit intel, risk models).
  • Drive adoption of best practices for scanning, prioritization, and safe remediation across engineering teams.
  • Identify opportunities to reduce operational overhead through standardization, policy, and automation.
  • Stay current with industry trends and emerging technologies in vulnerability and patch engineering.
  • Work closely with Platform/SRE, Security, and application engineering teams to plan and execute safe changes.
  • Collaborate with product managers and stakeholders to understand risk, requirements, and timelines.
  • Communicate complex technical concepts and trade-offs to both technical and non-technical audiences.
  • Document architecture decisions, patterns, and best practices; present proposals and updates to leadership.

Operational Excellence

  • Define and track SLOs for patch compliance, time-to-remediate by severity, change success rate, and re-open rate.
  • Implement observability (metrics/logs/traces), health checks, and alerting across the platform.
  • Ensure resilience through canaries, rate limiting, circuit breakers, retries with backoff, and safe rollbacks.
  • Establish disaster recovery strategies and conduct game days/chaos testing for critical workflows.
  • Maintain compliance with security and regulatory requirements; ensure usability, reliability, security, and performance.
  • Troubleshoot and resolve complex issues; fulfill on-call responsibilities appropriate to the platform.

Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health, and financial future.

  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family's overall well-being.
  • Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
  • Flexibility: We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

Requirements

Do you have experience in Infrastructure as Code (IaC)?
Do you have a Bachelor's degree?

  • Strong software engineering background building production services and tooling (Python or Go preferred; TypeScript a plus).

  • Deep knowledge of Linux and Windows Server administration and patching in enterprise environments.
  • Hands-on experience with vulnerability scanners and their APIs (Tenable/Nessus, Qualys, Rapid7) and risk models (CVSS, KEV, EPSS).
  • Proficiency with configuration management and IaC (Ansible/Puppet/Chef/Salt; Terraform/Pulumi/Crossplane, Helm/Kustomize).
  • Experience with event-driven and batch data pipelines (e.g., Kafka/SNS/SQS/PubSub), relational data stores, and caching.
  • Familiarity with cloud (AWS/Azure/GCP), containers/Kubernetes, and image pipelines (e.g., Packer).
  • Solid understanding of authN/authZ, secrets management, and least-privilege access for platforms and automation.
  • Excellence in observability and reliability practices (OpenTelemetry/Prometheus/Grafana) with an SLO mindset.
  • Strong documentation, communication, and stakeholder management skills.
  • 8+ years of professional software or platform engineering experience, including building and operating automation at scale.
  • 6+ years administering or engineering for Windows and/or Linux in enterprise environments.
  • 4+ years integrating vulnerability scanners and/or building remediation workflows and platforms.
  • 3+ years implementing configuration management or hardening frameworks (CIS, STIG) via policy/code.
  • Demonstrated leadership driving cross-team adoption and measurable risk reduction.
  • 4+ years of hands-on experience with Azure, OpenStack, AWS, GCP, or other cloud services.
  • 2+ years working with open-source frameworks.
  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or equivalent experience.

Benefits & conditions

  • Tuition reimbursement
  • Health insurance
  • Adoption assistance
  • 401(k) 6% Match

About the company

Great Company: At GEICO, we help our customers through life's twists and turns. Our mission is to protect people when they need it most, and we're constantly evolving to stay ahead of their needs. We're an iconic brand that thrives on innovation, exceeding our customers' expectations and enabling our collective success. From day one, you'll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people's lives.

Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs, created with your career and your potential in mind. You'll have access to industry-leading training, certification assistance, career mentorship, and coaching with supportive leaders at all levels.

Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action, and a winning mindset. Grounded by our core values, we have an established culture of caring, inclusion, and belonging that values different perspectives. Our teams are dynamic and multi-faceted, led by supportive leaders, driven by performance excellence, and unified under a shared purpose. As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers.