Staff Engineer – Red Team (AI)

GEICO•Palo Alto, CA

7d•$110,000 - $260,000

About The Position

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers’ expectations while making a real impact for our company through our shared purpose. When you join our company, we want you to feel valued, supported and proud to work here. That’s why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. We are seeking a hands-on Staff Security Engineer for our Red Team with deep technical expertise in running AI-driven adversary operations that measurably improve detection and response processes. You’ll execute at the intersection of offensive security and AI, developing novel Red Team capabilities and running operations against AI-powered systems. This role is responsible for working with other stakeholders in planning, executing, and delivering Red Team, Purple Team, and other Adversary Emulation operations. Outcomes will directly inform detection engineering, incident response readiness, and control validation. You will be responsible for the testing/evaluation of AI applications and agents as well as the leveraging of agentic AI to gain efficiencies for Red Team and penetration testing efforts. Success in this role means you can champion operations end-to-end: shape the scope and objectives, define safety controls and deconfliction, build or tailor emulation plans, execute advanced operator tradecraft in authorized environments, and deliver clear findings mapped to TTPs, telemetry gaps, and detection opportunities. You are someone with progressive experience on Offensive Security operations who can consistently translate realistic adversary behavior into practical defensive improvements and repeatable emulation capability. This role offers a unique opportunity to expand your influence, forge critical alliances, and lead the evolution of Adversary Emulation programs in a fast-paced environment. Your impact will be felt across the organization as we strengthen our defenses against ever-evolving cyber threats through simulation of real-world cyberattacks and attempts to breach the organization's defenses.

Requirements

8+ years of experience in Offensive Security operations.
5+ years of hands-on experience running Red Team, Purple Team, and other Adversary operations in enterprise environments.
Deep understanding of LLM architecture and familiarity with how models process input, manage context, and generate output.
Experience with AI frameworks and tools such as PyTorch, TensorFlow, Hugging Face, and LangChain.
Experience with Azure, AWS, GCP or other cloud providers.
Strong working knowledge of MITRE ATLAS and ATT&CK, and the ability to translate TTPs into repeatable emulations and measurable detection outcomes.
Hands-on experience with adversary emulation platforms, including building/maintaining emulations and running operations.
Demonstrated capability with core operator tradecraft (C2, payload delivery, privilege escalation, lateral movement, persistence, and operational security) appropriate to authorized testing.
Extensive use of red team frameworks: Cobalt Strike, Sliver, Metasploit, Empire, BloodHound.

Nice To Haves

OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs.
GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus.
Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programing.
Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (ex. Containers, Kubernetes, microservices, serverless functions).
Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections.

Responsibilities

Participate in AI-focused adversary operations: plan, execute and deliver Red Team, Purple Team and other Adversary Emulation operations.
Scope and design operations: define objectives, target scope, success criteria, safety controls.
Develop and run emulations: build, customize, and execute emulation plans using platforms such as MITRE Caldera, or similar products.
Execute advanced AI-leveraged tradecraft across enterprise environments (identity, endpoints, networks, cloud, SaaS) in a controlled, measurable way.
Partner with defenders: work directly with Detection Engineering, Threat Intelligence, and Risk Management to validate telemetry coverage, tune detections, improve response playbooks, and close visibility gaps.
Champion continuous improvement and innovation in adversary operations techniques, tools, and methodologies.

Benefits

Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume