Staff Engineer - Vulnerability Management Automation (Platform and Tools - VMs)

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers' expectations while making a real impact for our company through our shared purpose. When you join our company, we want you to feel valued, supported and proud to work here. That's why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. Position Summary GEICO is seeking an experienced Staff Engineer with a passion for building high performance, low maintenance, zero-downtime platforms, and applications. You will help drive our insurance business transformation as we transition from a traditional IT model to a tech organization with engineering excellence as its mission, while co-creating the culture of psychological safety and continuous improvement. Position Description Our Staff Engineers work with our Distinguished Engineers, Sr. Staff Engineers, and Sr. Engineers to innovate and build new systems, improve, and enhance existing systems as well as identify new opportunities to apply your knowledge to solve critical problems. You will lead the strategy and execution of a technical roadmap that will increase the velocity of delivering products and unlock new engineering capabilities. The Platform and Tools - VMs team is dedicated to realizing a secure, reliable, scalable, and highly efficient next-generation virtual machine lifecycle management and orchestration platform running on Kubernetes. We are seeking a Staff Engineer, Vulnerability Management Platform & Automation to architect, build, and operate large-scale automation for vulnerability discovery, prioritization, and remediation-alongside safe, zero-to-low downtime OS patch orchestration. You will deliver reliable platforms, services, and tooling that transform manual workflows into self-service, policy-driven, and observable software. This role sits at the intersection of security engineering, platform engineering, and software development, and includes meaningful overlap with configuration management work (e.g., infrastructure as code, config policy, and orchestration). You will own the technical strategy and execution for vulnerability management and patch automation-designing APIs, event-driven pipelines, controllers, schedulers, and integrations that keep diverse fleets current and compliant. You will partner with Platform/SRE, Security, and application teams to deliver predictable remediation at scale, with strong safety guardrails, telemetry, and SLOs. You will drive standardization, reuse, and paved-road experiences that accelerate delivery while reducing operational toil. Position Responsibilities Technical Leadership

• Define the technical roadmap for vulnerability management and patch automation platforms.
• Establish standards, patterns, and paved roads for scanning, triage, remediation, and verification.
• Mentor engineers across Security and Platform teams on software and systems design best practices.
• Drive design reviews, architecture decisions, and quality gates for reliability and security.

System Design & Implementation

• Design and implement services for asset/CMDB enrichment, risk scoring, and intelligent targeting (by business criticality, exposure, blast radius).
• Build controllers/schedulers for maintenance windows, deployment rings/canaries, pre/post checks, automated backoff/rollback, and progressive delivery.
• Deliver self-service CLIs/SDKs and internal UIs to request, schedule, and track remediation with clear SLAs and audit trails.
• Implement idempotent, policy-driven workflows for patching and baseline enforcement across Windows and Linux.
• Integrate with image pipelines (e.g., Packer/golden images) to shift-left patching and hardening.
• Integrate scanner data (e.g., Tenable/Nessus, Qualys, Rapid7) and external intel (CVSS v3.x, KEV, EPSS) into unified pipelines with deduplication, suppression/exception workflows, and verification.
• Build prioritization engines that combine exploitability, exposure, and business context to drive action.
• Operate and automate patch tooling and package managers (e.g., WSUS/MECM/SCCM, Ansible/Puppet/Chef/Salt, dnf/yum/apt, Winget/MSU) with safety guardrails.
• Enforce CIS Level 1 hardening via policy and code with drift detection and evidence capture.
• Integrate with CMDB and ITSM/ticketing (e.g., Remedy, ServiceNow) for change control, approvals, and auditability.
• Provide APIs/webhooks and event streams for downstream consumers (e.g., SIEM, data lake, dashboards).
• Publish reusable modules, reference implementations, and runbooks to scale adoption.

Strategy & Innovation

• Define the technical roadmap for vulnerability management and patch automation capabilities.
• Evaluate and recommend new tools, data sources, and methodologies (e.g., exploit

Apply tot his job Apply To this Job