Senior Security Engineer
Operations – Operations
Are you a self-starter? Do you want to work where you can make an immediate impact? Civis Analytics is looking for a Senior Security Engineer to join our team!
Civis Analytics was born on the campaign trail, with CEO Dan Wagner and our founding members spearheading the 2012 Obama for America analytics team. Since then, our DC and Chicago teams have been building software and growing rapidly among a steadily developing client base in education, energy, government, healthcare, media, nonprofits, and politics. It’s our mission to empower organizations to find truth and guide actions that will change their world for the better.
At Civis, we take protecting data seriously and are looking for a security engineer with security and compliance expertise. As a Senior Security Engineer, you will work with our General Counsel and team of DevOps Engineers on the constant stream of new products and technologies used to support our cloud platform.
You will design big picture security strategy while laying out the details of an implementation plan. You understand the constant need to balance the benefits of incremental security measures with the potential burdens on the business. You will proactively find and fix security problems, monitor our networks utilizing security tools such as SIEM and next-gen endpoint protection, and prioritize efforts based on risk. You’ll join our Chicago-based team, closely collaborating with engineers, data scientists, IT, and our client success team.
What's great about being an engineer at Civis? We believe in ownership of our work and continuous learning, and we set up our team to reinforce those values.
We trust engineers from all over our team to pick the right architecture, library, or framework for the job at hand. Civis security engineers set the strategic vision for our compliance plan in addition to the day-to-day details, and they work directly with the legal and sales teams to come up with novel ways move the business forward while keeping our systems secure.
We want you to never stop learning. Everyone has a mentor from day one and tracks their personal development alongside their technical deliverables. On the security engineering team, you’ll be joining a small core of infrastructure engineers and will help steer the course of our operations. You’ll work with compliance frameworks such as SSAE16, HIPAA, FERPA, and FedRAMP, perform routine vulnerability testing of our corporate office and AWS networks, help manage third-party penetration tests, and pretty much work with every AWS service available (seriously). Valuing continuous learning means recognizing that our strongest contributors stand out for their capabilities and not their credentials.
We are smart, fun, and a little bit weird. Does this sound like you?
To learn more about our culture, check out Civis Analytics on The Muse!
- B.S. or M.S. Computer Science, Information Systems, Information Security or related field (Math, Physics, Engineering) and equivalent security experience
- Excellent communication skills
- Enthusiasm for the constant fight to ensure security and ethical privacy on the internet and for our customers
- Exposure to security frameworks & compliance such as SSAE 16, HIPAA, FedRAMP, ISO 27001, etc
- Strong knowledge of UNIX/Linux and/or OS X
- Strong knowledge of TCP/IP and Networking
- Experience with sniffers such as tcpdump, WireShark, etc
- Experience with applied cryptography including PKI, SSL, and key management
- Experience with vulnerability testing tools such as Nessus, Qualys, OpenVAS, etc
- Strong knowledge of at least one modern scripting language (Python, Perl, Bash, etc)
- Ability to impress with knowledge of internet security issues
- Ability to be on call for incident response purposes
- At least one Security credential: GIAC (GCIA, GCIH, GPEN, etc) and/or CISSP preferred
- Experience working with HIPAA and FedRAMP Moderate compliance a huge plus
- Active member of the global security community a huge plus (research, blogging, presentations, conference attendance, etc)
- Experience with SQL and database administration (MySQL, Oracle, etc)
- Experience working with IDS/IPS (e.g. Snort)
- Experience with regular expressions (regex)
- SIEM experience (ArcSight, Splunk, QRadar, AlienVault, SumoLogic, etc)
- Experience performing security audits and working with external auditors
- Exposure to application security testing concepts (e.g. Fuzzing, XSS, SQL Injection, etc)
- Exposure to penetration testing frameworks such as Kali Linux and resident tools such as netcat, Nmap, Burp Suite, etc