Jobs · Engineering · Maryland

Staff Engineer - Platform Security Engineering – Encryption and Tokenization

GEICO · Bethesda, MD · 4 days ago
HybridEngineering$110k–$230k/yrFull-time

About the role

The GEICO Platform Security Engineering organization is seeking a Staff Engineer – Platform Security Engineering – Encryption and Tokenization. This role is crucial in designing, implementing, and maintaining a robust Encryption and Tokenization platform.

Responsibilities

  • Lead the design, development, and evolution of encryption, tokenization, and key management solutions within a defined platform or product domain.
  • Drive hands-on implementation of secure data protection capabilities, contributing directly to production-ready systems while setting technical direction for the team.
  • Ensure the quality, reliability, and operational excellence of encryption and tokenization services, including high availability, disaster recovery, observability, and auditable logging.
  • Partner closely with compliance, security, data governance, and application teams to ensure cryptographic solutions align with company policies and regulatory requirements.
  • Contribute to architectural decisions by proposing scalable, resilient designs for key management systems and data protection workflows.
  • Apply knowledge of modern cryptography trends and standards to improve platform security and inform technical decisions.
  • Provide technical mentorship and guidance to engineers on the team, helping raise the bar on secure coding, design quality, and operational practices.
  • Collaborate with product and engineering stakeholders to integrate encryption and tokenization solutions that support business and platform goals.
  • Identify opportunities to improve performance, cost efficiency, and developer experience within the encryption and key management ecosystem.

Qualifications

  • Strong understanding of cryptographic encryption, tokenization, and Key Management Systems (KMS).
  • Experience designing and implementing secure, scalable solutions for data at rest encryption, using open-source cryptographic libraries and protocols (e.g., FPE, AEAD).
  • Strong software engineering skills, with experience building production-grade services (Go preferred).
  • Working knowledge of key management technologies and libraries, such as Google Tink, PKCS#11, JCE, and OpenSSL.
  • Experience operating stateful systems such as PostgreSQL, including replication and reliability considerations.
  • Proven problem-solving skills with a security-first mindset and proactive approach to risk mitigation.
  • Experience applying site reliability engineering (SRE) practices, including monitoring, alerting, and incident response (Grafana, Prometheus, Open Telemetry, eBPF).
  • Experience building and maintaining CI/CD pipelines and infrastructure as code (e.g., Bazel, Terraform, Argo CD/Workflows/Rollouts).
  • Strong communication skills, with the ability to explain technical concepts clearly to engineers and partner teams.
  • Familiarity with hardware security modules (HSMs) and cryptography standards.
  • Experience 6+ years of experience in security or software engineering with a focus on encryption, tokenization, key management, or cryptography.
  • 3+ years of experience contributing to system design, architecture, and security-focused solutions.
  • Experience working with open-source security or cryptography frameworks.
  • Experience building and operating systems in cloud environments (AWS, GCP, Azure preferred).

Pay

$110,000.00 - $230,000.00

Schedule

Full-time

Benefits

GEICO offers a comprehensive benefits package including health insurance, retirement plans, paid time off, and more. For details, please refer to the benefits section of the job posting.

Skills

Strong understanding of cryptographic encryption, tokenization, and Key Management Systems (KMS). Experience designing and implementing secure, scalable solutions for data at rest encryption. Strong software engineering skills, with experience building production-grade services (Go preferred). Working knowledge of key management technologies and libraries, such as Google Tink, PKCS#11, JCE, and OpenSSL. Experience operating stateful systems such as PostgreSQL, including replication and reliability considerations. Proven problem-solving skills with a security-first mindset and proactive approach to risk mitigation. Experience applying site reliability engineering (SRE) practices, including monitoring, alerting, and incident response (Grafana, Prometheus, Open Telemetry, eBPF). Experience building and maintaining CI/CD pipelines and infrastructure as code (e.g., Bazel, Terraform, Argo CD/Workflows/Rollouts). Strong communication skills, with the ability to explain technical concepts clearly to engineers and partner teams. Familiarity with hardware security modules (HSMs) and cryptography standards. Experience 6+ years of experience in security or software engineering with a focus on encryption, tokenization, key management, or cryptography. 3+ years of experience contributing to system design, architecture, and security-focused solutions. Experience working with open-source security or cryptography frameworks. Experience building and operating systems in cloud environments (AWS, GCP, Azure preferred).

Benefits

Annual bonus, health insurance, retirement plans, paid time off, and other perks.

Contact

To apply, please visit our careers page and submit your resume and cover letter. For more information about GEICO, visit our website.

Similar jobs