GEICO is seeking a Senior Engineer - Open-Source Software Security to join a collaborative team to build and implement open-source supply chain security solutions. As a senior software engineer, you will influence the architecture, design, and implementation of supply chain security in an open-source-first environment. We need our engineers to be versatile and enthusiastic about taking on new problems across the full stack as we look to implement the best and most secure open-source software. This role requires an awareness of all aspects of open-source software and the supply chain security landscape and frameworks. You will help ensure the usage of open source in the company's software and systems is secure from potential threats, known vulnerabilities, potential malicious dependencies, and supply chain threats.
Position Description:
The Senior Engineer - Open-Source Software Security role is a challenging yet rewarding position that requires a strong technical background, leadership skills, and a deep understanding of open-source software and cybersecurity. You will help design, develop, test, deploy, maintain, and enhance open-source supply chain security solutions. You will collaborate with engineering teams across the company and participate in open-source communities such as OpenSSF or the Linux Foundation. The application security team ensures that GEICO's applications are secure while also evaluating open-source legal compliance. The successful candidate will play a key role in ensuring the security and integrity of the company's open-source software and systems.
Position Responsibilities
As a Senior Engineer, you will:
- Evaluate, test, implement and manage open-source security tools and technologies.
- Conduct security research on the latest open-source threats, vulnerabilities, and mitigation strategies.
- Develop and maintain open-source security policies, protocols, and procedures.
- Implement DevSecOps best practices with an eye towards automating compliance tooling.
- Provide guidance and verification to application teams to ensure OSS license terms are adhered to.
- Collaborate and guide software development teams to ensure secure coding practices are followed.
- Participate in open-source software communities.
- Stay up to date with the latest security news, advisories, and incidents.
- Oversee contribution to the open-source community for published security findings, patches, and modules.
- Perform regular security audits, risk assessments, and anomaly detection.
- Mentor junior engineers and provide leadership in planning and execution.
- Proficiency in programming or scripting languages such as Go, Rust, Java, C++, JavaScript, .NET, or Python
- Strong understanding of source code management tooling (primarily git)
- Understanding of open-source software, licensing, and ecosystem, including the risks in using open source.
- Knowledge of supply chain security projects hosted by OpenSSF and OWASP
- Demonstrated experience in being versatile, taking initiative and an enthusiasm to tackle problems across the enterprise software space
- Familiar with emerging cloud / application / open-source security trends, and the practical application of existing and emerging technologies to meet business needs.
- Excellent understanding and knowledge of application development life cycle methodologies such as agile software development and DevSecOps
- 4+ years of experience in full stack software development
- 2+ years of experience with software design and architecture
- 2+ years of experience testing and implementing software products
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or equivalent education or work experience
At this time, GEICO will not sponsor a new applicant for employment authorization for this position.
Benefits:
As an Associate, you'll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:
- Premier Medical, Dental and Vision Insurance with no waiting period
- Paid Vacation, Sick and Parental Leave
- 401(k) Plan
- Tuition Reimbursement
- Paid Training and Licensures
Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.
GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.