Senior Security Engineer

Chicago, IL
Technology – Tech
Full-time

At Civis, we take protecting data seriously and are looking for a security engineer with security and compliance expertise. As a Senior Security Engineer, you will work with our General Counsel and team of DevOps Engineers on the constant stream of new products and technologies used to support our cloud platform.

You will design big picture security strategy while laying out the details of an implementation plan. You understand the constant need to balance the benefits of incremental security measures with the potential burdens on the business. You will proactively find and fix security problems, monitor our networks utilizing security tools such as SIEM and next-gen endpoint protection, and prioritize efforts based on risk.  You’ll join our Chicago-based team, closely collaborating with engineers, data scientists, IT, and our client success team.

We are looking for individuals from a wide range of backgrounds with a demonstrated ability to define and tailor a security strategy that fits Civis' business and overall growth objectives. This individual will also have top-notch quantitative and problem-solving skills. We value creativity, hard work, and on-the-job-excellence and offer competitive compensation and benefits packages. In compliance with federal law, all persons hired will be required to verify their identity and eligibility to work in the United States.

What's great about being an engineer at Civis? We believe in ownership of our work and continuous learning, and we set up our team to reinforce those values.

We trust engineers from all over our team to pick the right architecture, library, or framework for the job at hand. Civis security engineers set the strategic vision for our compliance plan in addition to the day-to-day details, and they work directly with the legal and sales teams to come up with novel ways move the business forward while keeping our systems secure.

We want you to never stop learning. Everyone has a mentor from day one and tracks their personal development alongside their technical deliverables. On the security engineering team, you’ll be joining a small core of infrastructure engineers and will help steer the course of our operations.  You’ll work with compliance frameworks such as SSAE16, HIPAA, FERPA, and FedRAMP, perform routine vulnerability testing of our corporate office and AWS networks, help manage third-party penetration tests, and pretty much work with every AWS service available (seriously).  Valuing continuous learning means recognizing that our strongest contributors stand out for their capabilities and not their credentials.

We are smart, fun, and a little bit weird. Does this sound like you?

Civis Analytics has opportunities for applicants who are seasoned professionals, brilliant newcomers, and anywhere in between. We are looking for detail-oriented individuals from diverse backgrounds with demonstrated quantitative and problem-solving skills. We value creativity, hard work and on-the-job-excellence and offer competitive compensation and benefits packages. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States.

To learn more about our culture, check out Civis Analytics on The Muse!

Minimum Qualifications

    • B.S. or M.S. Computer Science, Information Systems, Information Security or related field (Math, Physics, Engineering) and equivalent security experience
    • Excellent communication skills
    • Enthusiasm for the constant fight to ensure security and ethical privacy on the internet and for our customers
    • Exposure to security frameworks & compliance such as SSAE 16, HIPAA, FedRAMP, ISO 27001, etc
    • Strong knowledge of UNIX/Linux and/or OS X
    • Strong knowledge of TCP/IP and Networking
    • Experience with sniffers such as tcpdump, WireShark, etc
    • Experience with applied cryptography including PKI, SSL, and key management
    • Experience with vulnerability testing tools such as Nessus, Qualys, OpenVAS, etc
    • Strong knowledge of at least one modern scripting language (Python, Perl, Bash, etc)
    • Ability to impress with knowledge of internet security issues
    • Ability to be on call for incident response purposes

Preferred Qualifications

    • At least one Security credential: GIAC (GCIA, GCIH, GPEN, etc) and/or CISSP preferred
    • Experience working with HIPAA and FedRAMP Moderate compliance a huge plus
    • Active member of the global security community a huge plus (research, blogging, presentations, conference attendance, etc)
    • Experience with SQL and database administration (MySQL, Oracle, etc)
    • Experience working with IDS/IPS (e.g. Snort)
    • Experience with regular expressions (regex)
    • SIEM experience (ArcSight, Splunk, QRadar, AlienVault, SumoLogic, etc)
    • Experience performing security audits and working with external auditors
    • Exposure to application security testing concepts (e.g. Fuzzing, XSS, SQL Injection, etc)
    • Exposure to penetration testing frameworks such as Kali Linux and resident tools such as netcat, Nmap, Burp Suite, etc