Staff Engineer – Red Team (AI)

GEICO•Palo Alto, CA

About The Position

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers’ expectations while making a real impact for our company through our shared purpose. When you join our company, we want you to feel valued, supported and proud to work here. That’s why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. We are seeking a hands-on Staff Red Team Engineer with deep technical expertise in running adversary operations that measurably improve detection and response processes. This role is responsible for working with other operators in planning, executing, and delivering Red Team, Purple Team, and other Adversary Emulation operations, with outcomes that directly inform detection engineering, incident response readiness, and control validation. Success in this role means you can champion operations end-to-end: shape the scope and objectives, define safety controls and deconfliction, build or tailor emulation plans, execute advanced operator tradecraft in authorized environments, and deliver clear findings mapped to TTPs, telemetry gaps, and detection opportunities. You are someone with progressive experience on Offensive Security operations who can consistently translate realistic adversary behavior into practical defensive improvements and repeatable emulation capability. This role offers a unique opportunity to expand your influence, forge critical alliances, and lead the evolution of Enterprise Adversary Emulations Program in a fast-paced environment. Your impact will be felt across the organization as we strengthen our defenses against ever-evolving cyber threats through simulation of real-world cyberattacks and attempts to breach the organization's defenses.

Requirements

8+ years of experience in Offensive Security operations.
5+ years of hands-on experience running Red Team, Purple Team, and other Adversary operations in enterprise environments.
Experience with Azure, AWS, GCP or other cloud providers.
Strong working knowledge of industry frameworks such as MITRE ATT&CK and the ability to translate TTPs into repeatable emulations and measurable detection outcomes.
Hands-on experience with adversary emulation platforms, including building/maintaining emulations and running operations.
Demonstrated capability with core operator tradecraft (C2, payload delivery, privilege escalation, lateral movement, persistence, and operational security) appropriate to authorized testing.
Extensive use of red team frameworks: Cobalt Strike, Sliver, Metasploit, Empire, BloodHound

Nice To Haves

OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs.
GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus.
Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programing.
Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (ex. Containers, Kubernetes, microservices, serverless functions)
Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections.

Responsibilities

Participate in adversary operations: plan, execute and delivery of Red Team, Purple Team and other Adversary Emulation operations.
Scope and design operations: define objectives, target scope, success criteria, safety controls.
Develop and run emulations: build, customize, and execute emulation plans using platforms such as MITRE Caldera or similar products.
Execute advanced tradecraft across enterprise environments (identity, endpoints, networks, cloud, SaaS) in a controlled, measurable way.
Partner with defenders: work directly with Detection Engineering, Threat Intelligence and Risk Management to validate telemetry coverage, tune detections, improve response playbooks, and close visibility gaps.
Champion continuous improvement and innovation in the adversary operations techniques, tools, and methodologies.

Benefits

Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume