Staff Engineer - Platform Security Engineering – Encryption and Tokenization
GEICO · Seattle, WA · 5 days ago
HybridInformation Technology$110k–$230k/yrFull-time
About the role
The GEICO Platform Security Engineering organization is seeking a Staff Engineer – Platform Security Engineering – Encryption and Tokenization to join our dynamic team.
Responsibilities
- Lead the design, development, and evolution of encryption, tokenization, and key management solutions within a defined platform or product domain.
- Drive hands-on implementation of secure data protection capabilities, contributing directly to production-ready systems while setting technical direction for the team.
- Ensure the quality, reliability, and operational excellence of encryption and tokenization services, including high availability, disaster recovery, observability, and auditable logging.
- Partner closely with compliance, security, data governance, and application teams to ensure cryptographic solutions align with company policies and regulatory requirements.
- Contribute to architectural decisions by proposing scalable, resilient designs for key management systems and data protection workflows.
- Apply knowledge of modern cryptography trends and standards to improve platform security and inform technical decisions.
- Provide technical mentorship and guidance to engineers on the team, helping raise the bar on secure coding, design quality, and operational practices.
- Collaborate with product and engineering stakeholders to integrate encryption and tokenization solutions that support business and platform goals.
- Identify opportunities to improve performance, cost efficiency, and developer experience within the encryption and key management ecosystem.
Qualifications
- Strong understanding of cryptographic encryption, tokenization, and Key Management Systems (KMS).
- Experience designing and implementing secure, scalable solutions for data at rest encryption, using open-source cryptographic libraries and protocols (e.g., FPE, AEAD).
- Strong software engineering skills, with experience building production-grade services (Go preferred).
- Working knowledge of key management technologies and libraries, such as Google Tink, PKCS#11, JCE, and OpenSSL.
- Experience operating stateful systems such as PostgreSQL, including replication and reliability considerations.
- Proven problem-solving skills with a security-first mindset and proactive approach to risk mitigation.
- Experience applying site reliability engineering (SRE) practices, including monitoring, alerting, and incident response (Grafana, Prometheus, Open Telemetry, eBPF).
- Experience building and maintaining CI/CD pipelines and infrastructure as code (e.g., Bazel, Terraform, Argo CD/Workflows/Rollouts).
- Strong communication skills, with the ability to explain technical concepts clearly to engineers and partner teams.
- Familiarity with hardware security modules (HSMs) and cryptography standards.
- Experience 6+ years of experience in security or software engineering with a focus on encryption, tokenization, key management, or cryptography.
- 3+ years of experience contributing to system design, architecture, and security-focused solutions.
- Experience working with open-source security or cryptography frameworks.
- Experience building and operating systems in cloud environments (AWS, GCP, Azure preferred).
Pay
$110,000.00 - $230,000.00
Schedule
Full-time