Principal Cloud Operations Developer at AVEVA enhancing Cloud security and leading deployment process improvements. Collaborating with development teams to ensure operational security, stability and scalability.
About the role
- Lead, mentor, and grow a high-performing offensive security team focused on penetration testing, red teaming, and purple teaming.
- Conduct tactical security penetration test assessments to validate security of company applications (web, mobile, APIs) against OWASP Top 10 and provide feedback to Application Security to increase automated capabilities.
- Design and execute advanced threat emulation scenarios including physical, social, and digital attack vectors.
- Establish business outcome-oriented penetration testing roadmap; lead scoping and execution of program improvement initiatives and communicate status to leadership.
- Establish metrics and KPIs to ensure penetration testing activities meet security and business objectives and deliver results on time.
- Oversee communication and develop automated reporting/tracking of findings; follow up with remediation teams and escalate findings to senior leadership as needed.
- Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops.
- Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS.
- Champion continuous improvement and innovation in penetration testing methodologies, tools, and automation.
- Represent Offensive Security in senior leadership and audit discussions as subject matter expert.
- Manage the 3rd party penetration testing program: identify vendors, oversee vendor testing activities, and work with Sourcing to develop statements of work and procure services.
Requirements
- Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (e.g. Python, Shell).
- Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development.
- Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit.
- Relevant professional security certifications (preferred: OSCP, OSCE, CRTO, CISSP, GIAC Penetration Testing, GCTI, GPEN, GXPN).
- Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming.
- Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure/GCP cloud environments and cloud-native resources (Containers, Kubernetes, microservices, serverless functions).
- Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections.
- Proven experience building and guiding high performing offensive security teams, establishing best practices (scoping, ROE, deconfliction), and delivering results through automation.
- Proven track record to deliver business outcomes for meeting regulatory and compliance obligations (PCI, NYDFS, SOX …).
- Ability to hire talent across offensive security functions and align skills to business priorities.
- Experience managing 3rd party penetration testing programs, identifying vendors, overseeing vendor activities, developing statement of work documentation, and working with Sourcing to procure services.
- Required Experience: 10+ years of building, leading, and managing security or software engineering teams; 8+ years leading offensive security teams; 5+ years hands-on penetration-testing/red teaming/purple teaming; 4+ years with Azure, AWS, GCP or other cloud providers.
- Education: Bachelor’s degree in Cybersecurity, Computer Science or a related field.
- GEICO will consider sponsoring a new qualified applicant for employment authorization for this position.
Benefits
- Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
- Financial benefits including market-competitive compensation.
- 401K savings plan vested from day one that offers a 6% match.
- Performance and recognition-based incentives.
- Tuition assistance.
- Industry leading training, certification assistance, career mentorship and coaching.
- Employee engagement and recognition programs.
- Access to additional benefits like mental healthcare.
- Fertility and adoption assistance.
- Supports flexibility - workplace flexibility and GEICO Flex program, ability to work from anywhere in the US for up to four weeks per year.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
CO
ConstelliumCybersecurity Manager
Responsable cybersécurité gérant la sécurité informatique de l'entreprise. Évaluant la conformité des systèmes d'information et pilotant la feuille de route cybersécurité.
DE
Daikin EuropeInformation Security Officer – ISO
Information Security Officer ensuring legal and cybersecurity compliance across IoT product development at Daikin. Supporting development teams and managing security awareness training.
NB
Newell BrandsEmployé technique, sécurité
Security employee monitoring site safety at Newell Brands, ensuring compliance with safety protocols. Supports services in emergency response and monitors site safety continually.
HS
HF SinclairIntern, Cybersecurity
Cybersecurity Intern assisting the Cyber GRC team and Project Manager at HF Sinclair. Gaining hands - on experience in Security Operations and Cyber Risk Management during the summer of 2026.
Associate Director overseeing Network Security Governance at Novartis in Prague or Hyderabad. Driving cyber maturity, risk management, and governance frameworks for secure network environments.
Senior Associate Systems Integration Specialist at NTT DATA responsible for client security solutions. Leading installations and troubleshooting break/fix incidents in a hybrid work environment.
NI
NTT DATA, Inc.Senior Associate Security Consultant – GRC
Senior Associate Security Consultant at NTT DATA making a difference through technical excellence in diverse teams. Collaborating on innovative technology and consulting projects in security consultancy.
FB
Federal Reserve BoardInformation Security Specialist
Information Security Specialist at Federal Reserve managing cybersecurity risk and assessments. Collaborating with tech professionals to enhance security posture and risk management processes.
AU
Jr Information Security Analyst conducting PCI - DSS compliance projects for AuditSafe. Supporting security controls implementation and leading technical meetings in a hybrid work environment.