GEICO
Staff Security Engineer – Red Team (AI)
About GEICO
GEICO, or Government Employees Insurance Company, is a leading auto insurer in the U.S., founded in 1936. Initially targeting federal government employees and military personnel, GEICO has grown to serve the general public across all 50 states and the District of Columbia. The company has a strong history of innovation, being one of the first to adopt computerized systems for sales and claims, and it offers 24/7 customer support. GEICO primarily provides auto insurance for both private and commercial vehicles. In addition to auto coverage, it also offers homeowners, renters, and boat insurance through its GEICO Insurance Agency. The company emphasizes customer convenience with mobile apps for quoting and purchasing policies, as well as drive-in claims offices and walk-in sales locations. With over 28 million vehicles insured, GEICO is committed to accessibility and customer care.
Security at GEICO
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- GEICO's AppSec philosophy is to 'Protect security, privacy and integrity of customer and associate data & systems'.
- They focus on developer enablement by 'Providing a golden path for application construction and deployment' and having a 'best practice and frameworks team' that 'implements initial shared functionality and full SDLC including CI/CD'.
- Their risk philosophy emphasizes validating application security 'against OWASP Top 10 threats'.
- A stated goal is to 'work with the Application Security team to provide feedback and recommendations'.
- Gaps include no explicit 'AppSec mission statement' beyond general cyber wording, and no explicit phrasing like 'developer-first' or 'security as an enabler' was found.
Security Team
- GEICO's AppSec team structure is not fully public, though 'Cyber' is listed under tech.
- Key public-facing leaders include Katie W. in Product Security, Rick Vadgama as 'Global CISO and Cybersecurity & IT Operations Leader', and Anthony Mangieri as 'Head of Security for GEICO Insurance'.
- No public headcount for the AppSec team was found.
- As of, at least one AppSec-focused job posting (Senior Manager, Offensive Security) was located.
- Common skill patterns from job postings include 'penetration testing', 'OWASP Top 10', 'automated reporting/tracking of findings', and 'NIST, PCI DSS' compliance.
- Gaps include no public charter or org chart showing whether AppSec is centralized or embedded, and many LinkedIn profile details are gated.
Key Initiatives
No public evidence was found for a Security Champions program at GEICO. 'Shift Left' practices are indicated by 'full SDLC including CI/CD' and 'Providing a golden path for application construction and deployment'. The vulnerability management process involves developing 'automated reporting/tracking of findings identified during testing activities, following up with remediation teams' and ensuring 'penetration testing activities are meeting security and business objectives ... establishing metrics & KPIs'. Secure SDLC artifacts include 'initial shared functionality and full SDLC including CI/CD'. Recent initiatives (last 6 months as of) include hiring for Offensive Security leadership and public LinkedIn activity from Product Security leader Katie W. Gaps include no public, detailed vulnerability intake-to-remediation SLAs or explicit ticketing tool references, and no public statement naming a bug bounty provider.