Security Engineer

Chicago, IL

At Civis, we take protecting data seriously and are looking to add another security engineer with security and compliance expertise. As a Security Engineer, you will work with our Senior Security Engineer and team of DevOps Engineers on the constant stream of new products and technologies used to support our cloud platform.

You will proactively find and fix security problems, monitor our networks utilizing security tools such as SIEM and next-gen endpoint protection, and prioritize efforts based on risk.  You sweat the details.  You’ll join our Chicago-based technology team, closely collaborating with other engineers and data scientists.

We are looking for individuals from a wide range of backgrounds with demonstrated quantitative and problem-solving skills. We value creativity, hard work and on-the-job excellence and offer competitive compensation and benefits packages. In compliance with federal law, all persons hired will be required to verify their identity and eligibility to work in the United States.

What's great about being an engineer at Civis? We believe in ownership of our work and continuous learning, and we set up our team to reinforce those values.

We trust engineers from all over our team to pick the right architecture, library, or framework for the job at hand. Civis security engineers set the strategic vision for our compliance plan in addition to the day-to-day details, and they work directly with the legal and sales teams to come up with novel ways to move the business forward while keeping our systems secure.

We want you to never stop learning. Everyone has a mentor from day one and tracks their personal development alongside their technical deliverables. On the security engineering team, you’ll be joining a small core of infrastructure engineers and will help steer the course of our operations.  You’ll work with compliance frameworks such as SSAE16, HIPAA, FERPA, and FedRAMP, perform routine vulnerability testing of our corporate office and AWS networks, help manage third-party penetration tests, and pretty much work with every AWS service available (seriously).  Valuing continuous learning means recognizing that our strongest contributors stand out for their capabilities and not their credentials.

We are smart, fun, and a little bit weird. Does this sound like you?

Minimum Qualifications

    • B.S. or M.S. in Computer Science, Information Systems, Information Security or related field (Math, Physics, Engineering) and equivalent security experience
    • Excellent communication skills
    • Enthusiasm for the constant fight to ensure security and ethical privacy on the internet and for our customers
    • Exposure to security frameworks & compliance such as SSAE 16, HIPAA, FedRAMP, ISO 27001, etc
    • Strong knowledge of UNIX/Linux and/or OS X
    • Strong knowledge of TCP/IP and Networking
    • Experience with sniffers such as tcpdump, Wireshark, etc
    • Experience with applied cryptography including PKI, SSL, and key management
    • Experience with vulnerability testing tools such as Nessus, Qualys, OpenVAS, etc
    • Strong knowledge of at least one modern scripting language (Python, Perl, Bash, etc)
    • Ability to impress with knowledge of internet security issues
    • Ability to be on call for incident response purposes

Preferred Qualifications

    • At least one Security credential: GIAC (GCIA, GCIH, GPEN, etc) and/or CISSP preferred
    • Experience working with HIPAA and FedRAMP Moderate compliance a huge plus
    • Active member of the global security community a huge plus (research, blogging, presentations, conference attendance, etc)
    • Experience with SQL and database administration (MySQL, Oracle, etc)
    • Experience working with IDS/IPS (e.g. Snort)
    • Experience with regular expressions (regex)
    • SIEM experience (ArcSight, Splunk, QRadar, AlienVault, SumoLogic, etc)
    • Experience performing security audits and working with external auditors
    • Exposure to application security testing concepts (e.g. Fuzzing, XSS, SQL Injection, etc)
    • Exposure to penetration testing frameworks such as Kali Linux and resident tools such as netcat, Nmap, Burp Suite, etc