Offensive Security Engineer; HYBRID

Position: Staff Offensive Security Engineer (HYBRID)
GEICO .
For more information, please .
** At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities.
**** Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers’ expectations while making a real impact for our company through our shared purpose.
**** When you join our company, we want you to feel valued, supported and proud to work here. That’s why we offer The GEICO Pledge:
Great Company, Great Culture, Great Rewards and Great Careers.
** As a
** Staff Engineer of Offensive Security**, you'll be at the forefront of our cybersecurity strategy for penetration testing, advanced attack simulations, and enabling organization to prevent, detect, and respond to cyber threats.

Your role is pivotal in shaping our security posture, collaborating closely with senior leadership to influence risk decisions and ensure regulatory readiness.

We seek a hands-on offensive security engineer with deep technical expertise in penetration testing, real-world adversary tactics, and risk frameworks, capable of driving measurable improvements in our cyber resilience. Candidates are expected to have hands-on penetration testing experience while driving security and compliance initiatives to perform overall offensive security functions including red and purple teaming. The ideal candidate must possess a highly technical skillset and the ability to collaborate with stakeholders across the company to integrate penetration testing and other offensive security functions within company processes.

You'll challenge the status quo, identifying opportunities to elevate our security engineering excellence through automation and innovative approaches. Your ability to think big, anticipate and adapt change, and address root causes will be key to delivering greater business value while proactively examining actions and refining  this high-stakes environment, you'll ensure implementation of industry best practices and execution of offensive security functions while meeting regulatory compliance requirements.

This role offers a unique opportunity to expand your influence, forge critical alliances, and lead the evolution of offensive security in a fast-paced environment. Your impact will be felt across the organization as you strengthen our defenses against ever-evolving cyber threats through simulation of real-world cyberattacks and attempts to breach the organization's defenses.
** Responsibilities**:
* Lead highly effective large-scale penetration testing initiatives.
* Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming).
* Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities.
* Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes.
* Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors.
* Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops.
* Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS.
* Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies.
*
* Required Qualifications:

*** Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, Power Shell).
* Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development.
* Hands-on experience with tools like Cobalt Strike, Mythic, Blood Hound, and Auto Sploit.
* Relevant professional security…