Staff Security Engineer - Cyber Governance & Automation

$110k - $230k

Dormont Manufacturing Co

This role is designed for a staff‑level security practitioner with deep Cyber Governance, Risk, and Compliance (GRC) expertise who shapes the vision, strategy, and outcomes of GEICO’s cyber governance automation capabilities. The Staff Security Engineer owns the end‑to‑end automated cyber governance program, including defining and delivering the roadmap for continuous control monitoring and validation, scalable evidence collection, and real‑time audit readiness across GEICO’s hybrid cloud and on‑prem environments. This position partners closely with engineering and platform teams to translate complex regulatory, policy, and control requirements into prioritized, well‑defined automation capabilities, ensuring solutions are scalable, sustainable, and aligned to enterprise risk priorities.

Cyber Governance Product & Program Ownership

  • Contribute to the vision, strategy, and roadmap for GEICO’s cyber governance automation capabilities, driving delivery through prioritized execution and continuous improvement.
  • Define how policies, standards, regulatory frameworks, and technical controls are operationalized and continuously validated through automated evidence collection.
  • Own governance automation platforms end‑to‑end as the system of record for control health, evidence, and audit readiness across cloud and on‑prem environments.
  • Drive near‑100% automation coverage, including designing scalable on‑prem automation strategies and governing compensating controls where full automation is not feasible, while maintaining audit defensibility.
  • Define and enforce governance standards for automation coverage targets, evidence SLAs, control performance metrics, and telemetry requirements.
  • Own the governance automation roadmap, prioritizing work based on risk reduction, regulatory requirements, and operational efficiency.
  • Establish and operationalize a standardized, risk‑based remediation lifecycle, including severity classification, timelines, escalation paths, closure criteria, and enforced SLAs.
  • Maintain ownership of remediation scheduling frameworks and forward‑looking visibility into upcoming deadlines.
  • Ensure all non‑compliance is consistently tracked, prioritized, and driven to closure through scalable workflows.
  • Partner with compliance, risk, audit, and engineering leaders to ensure governance capabilities align with enterprise risk priorities and regulatory obligations (e.g., NYDFS, PCI DSS, NIST CSF, SOC, ISO).
  • Act as the single point of accountability for governance automation outcomes, including executive‑level risk, remediation, and audit‑readiness reporting with forecasting.

Technical Strategy & Product Stewardship

  • Own the product strategy and direction for GEICO’s Automated Cyber Governance capabilities, ensuring clear system‑of‑record definitions, scalability expectations, and alignment to long‑term enterprise needs.
  • Partner with engineering and platform teams to define and prioritize governance automation capabilities, providing product requirements, architectural guardrails, and acceptance criteria rather than performing direct system development.
  • Define and maintain integration principles, system boundaries, and data standards to ensure reliable, secure, and consistent evidence flows across cloud platforms, security tools, and internal systems.
  • Evaluate and guide the responsible use of AI capabilities within governance platforms (e.g., evidence classification, control mapping suggestions, risk summarization), ensuring explainability, auditability, and alignment with regulatory expectations.
  • Serve as the primary point of accountability for governance automation outcomes, working with engineering leaders to resolve complex platform challenges and ensure solutions remain reliable, sustainable, and fit for purpose.
  • Ownership of 100% source system adoption feeding governance evidence (e.g., cloud, IAM, logging, asset inventory).
  • Accountability for identifying and closing missing telemetry, integration gaps, inconsistent or unreliable data sources, and enforcement of standardized telemetry and data requirements across teams.
  • Ownership of automated control quality assurance, including false positive / false negative reduction, control tuning, drift detection.
  • Ensuring all automated evidence is audit‑defensible, traceable, aligned to regulatory intent.
  • Ownership of control change management for new and modified controls.
  • Translating regulatory, policy, and control changes into engineering requirements.
  • Implementation guidance, evidence expectations.
  • Proactive stakeholder communication: what is changing, why it matters, compliance deadlines, tracking and escalating control adoption readiness risks.

Automation & Continuous Control Monitoring

  • Define how security policies, standards, and control requirements are translated into automated, continuously monitored control capabilities, including clear requirements, success criteria, and evidence expectations.
  • Establish standards and expectations for automated detection of control non‑adherence, and partner with engineering and remediation teams to ensure appropriate remediation guidance, workflows, or integrations are in place.
  • Ensure evidence outputs are audit‑ready, traceable, repeatable, and aligned to regulatory intent, materially reducing reliance on point‑in‑time, manual evidence collection.
  • Apply AI‑assisted techniques to improve control validation and evidence quality, such as anomaly detection, evidence completeness checks, control drift identification, and signal prioritization across large control populations.
  • Leverage AI‑enabled insights to reduce noise and surface material control failures, ensuring governance automation focuses on true risk rather than generating low‑value alerts.

Cross-Functional Leadership & Enablement

  • Serve as a trusted partner and advisor to engineering, infrastructure, cloud, and security teams by providing clarity on governance requirements, regulatory intent, and how they are operationalized through scalable solutions.
  • Influence partner teams to adopt a product‑and‑automation first approach to governance, compliance, and policy adherence, reducing manual effort and improving consistency across the enterprise.
  • Communicate complex technical and regulatory concepts clearly to a broad range of stakeholders, including engineers, risk and audit partners, and executive leadership.
  • Contribute to raising the organization’s governance, automation, and product maturity through guidance, enablement, and cross‑functional collaboration.

Program Maturity & Continuous Improvement

  • Continuously assess governance automation capabilities, processes, and supporting tools to identify opportunities to scale adoption, increase automation coverage, and improve effectiveness.
  • Own the definition and evolution of cyber governance metrics and reporting, including dashboards that provide clear visibility into control health, automation coverage, audit readiness, and risk posture for executive and stakeholder audiences.
  • Track product and program outcomes, identify gaps against regulatory and risk objectives, and prioritize improvement initiatives that advance maturity quarter over quarter.
  • Incorporate AI‑driven insights into governance metrics and reporting, such as trend analysis, control health forecasting, or remediation prioritization, to improve executive visibility and decision‑making.
  • Promote continuous learning and best practice sharing across cyber governance, risk, audit, and engineering communities to improve consistency, effectiveness, and long‑term sustainability.

Metrics, Reporting & Executive Insight

Establishes and enforces the cyber governance metric model that directly drives control effectiveness, remediation accountability, and enterprise risk reduction. The Staff Security Engineer has clear ownership of defining, standardizing, and operationalizing metrics that are automation‑backed, auditable, and actively used to hold teams accountable.

Accountable for defining and owning core governance metrics, including:

  • Automation coverage (%) across regulatory and internal control sets
  • Continuous vs. manual control execution ratio
  • Evidence freshness and SLA adherence for automated controls
  • Control failure rates and recurrence trends
  • Remediation mean time to resolution (MTTR)
  • Tool, control, and automation adoption and utilization rates
  • SLA adherence by severity tier for policy, control, and regulatory findings

Executive reporting produced by this role:

  • Clearly ties automation outcomes to measurable risk reduction
  • Demonstrates sustained, real‑time audit readiness and control health
  • Quantifies operational efficiency gains from automation, including reduced manual effort, faster remediation, and fewer audit‑driven escalations

Required Qualifications

  • 6+ years of experience across Cyber Governance, Risk, and Controls (GRC), with demonstrated ownership of complex, cross‑functional programs or products that deliver measurable compliance and risk outcomes.
  • Proven experience defining, scaling, and evolving governance automation or compliance platforms, including ownership of outcomes such as control validation, evidence quality, and audit readiness.
  • Strong technical fluency with cloud platforms, integrations, and automation concepts, with the ability to partner effectively with engineering teams to define requirements and evaluate implementation approaches (without direct system development responsibility).
  • Deep understanding of major security and compliance frameworks (e.g., NIST CSF, NYDFS 500, PCI DSS, SOC, ISO 27001) and the ability to translate regulatory expectations into scalable governance capabilities.
  • Demonstrated ability to lead and align complex initiatives across GRC, engineering, risk, and audit stakeholders, with accountability for outcomes, adoption, and long‑term sustainability.

Technical Skills

  • Strong technical fluency across modern engineering concepts, with the ability to partner effectively with engineering teams on the design and delivery of scalable governance automation capabilities.
  • Experience owning and scaling off‑the‑shelf automated governance and compliance platforms (e.g., Drata, Vanta or similar), including defining control mappings, evidence models, automation coverage targets, and integration strategy.
  • Working knowledge of APIs, authentication mechanisms (e.g., OAuth, SAML), and common data formats (e.g., JSON, XML), sufficient to define requirements, evaluate approaches, and assess integration feasibility.
  • Familiarity with cloud platforms (AWS, Azure, and/or GCP) and an understanding of how security controls are implemented, validated, and evidenced within cloud environments.
  • Exposure to containers, cloud‑native services, and CI/CD environments to support informed decision‑making and collaboration (nice to have).
  • Experience applying or governing AI‑assisted capabilities within security, cyber governance or risk platforms, with an understanding of model limitations, data quality considerations, and audit implications.

What Success Looks Like

  • Cyber governance controls and evidence are continuously monitored, validated, and audit‑ready, with minimal reliance on manual or point‑in‑time processes.
  • Engineers and control owners experience reduced audit friction, clear expectations, and repeatable governance workflows embedded into standard operating practices.
  • Leadership has clear, reliable visibility into control health, risk posture, and remediation progress through consistent, trusted metrics.
  • Governance automation capabilities scale with the business and adapt quickly to changing regulatory requirements, risk priorities, and technology evolution.

Annual Salary

$110,000.00 - $230,000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

At this time, GEICO will not sponsor a new applicant for employment authorization for this position.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment.
We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.

Vacancy posted 1 day ago