Security Operations Engineer
Remote
Applications have closed
Civis Analytics
Data solutions that deliver messages to your audiences and turn your data into successful campaigns. Make smarter, faster decisions that drive real results.Civis is seeking a Security Operation Engineer to join the Civis Information Security Team. This position will work with the Director of Information Security on setting and executing Civis’ zero trust security strategy and driving security engineering solutions to meet key security program milestones and cost objectives.
As a Security Operation Engineer, you will be responsible for championing infrastructure and operation security engineering, and driving SecDevOps, threat and vulnerability management and security best practices to ensure that the Civis is sufficiently protected against internal and external threats, as well as operating in compliance with SOC2 and FedRAMP requirements.
We are looking for someone who is passionate about security engineering and looking forward to implementing creative solutions to a wide variety of real-world technical issues. An ideal candidate would bring with them expertise in creative problem solving, the ability to work on multiple tasks in parallel, and the ability to manage expectations in a fast-paced environment, all while maintaining a high quality of work. We are looking for an individual who can rapidly adapt and learn new technologies/concepts.
Responsibilities
- Lead Civis’ Security Engineering by working alongside engineering, IT and security teams to enhance the security of Civis information systems and to ensure our network infrastructure is well-protected.
- Responsible for identifying & remediating security weaknesses, evaluating/reviewing existing security configuration, and proposing improvements and cost-effective solutions for future enhancements.
- Develop, maintain and implement information security policies, standards and procedures and ensure projects related to Information Technology and Engineering adhere to Security by Design principles.
- Assess the risk of open source libraries, applications and architectures through threat modeling and communicating potential vulnerabilities.
- Help to define and implement SecDevOps and SDLC practices across Civis’s engineering team, promoting a security-first mindset.
- Perform continuous security assessments and penetration testing, report findings and provide recommendations to the Director of Information Security.
- Work with various stakeholders to automate mundane or time-sensitive tasks. Integrate automation scripts into the security architecture in a transparent and supportive manner to augment the team current abilities.
- Lead incident response events and activities.
Required Qualifications
- 1+ years of technical hands-on security engineering experience.
- 1+ years of information technology experience.
- Hands-on experience with Python scripting language.
- Familiar with industry security frameworks and tooling such as SASE, SWG, SIEM, NGAV.
- Experience building security monitoring and management controls using AWS Services such as Security Hub, Inspector and Guard Duty.
- Deep foundational knowledge in security engineering, information technology, networking, architecture, protocols, file systems, and linux operating systems.
- Passionate about security and promoting security culture across the organization.
- Ability to comfortably collaborate across IT disciplines and teams including third parties and be able to provide constructive input into the discussion.
- Ability to work rapidly with the pressure of completing deadlines and frequent interruptions in a fast-paced team environment.
- Attention to detail and understanding how systems-thinking can make an impact with smart moves in people, processes, and technologies.
- Provide emergency on-call support on a rotating schedule.
- Excellence in documentation of policies, procedures, and guidelines.
- Strong problem-solving and process improvement skills.
- Excellent verbal and written communication skills.
Preferred Qualifications
- Relevant industry security certification is a plus.
- Experience with cloud security is a plus; ideally AWS.
- Experience with SaaS products is a plus.
- Scripting languages experience such as Ruby, Javascript, Bash, Python is a plus; ideally Python and Ruby.
- Experience with data encryption and access control.
- Practical experience in implementing and monitoring information security compliance and frameworks (e.g., NIST CSF, CIS Top 20, FedRAMP, SOC2).
- Demonstrated ability to translate requirements into design and subsequent solution build.
- Experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resultant security risk analysis.
Tags: Automation AWS Bash Cloud Compliance Encryption FedRAMP Incident response JavaScript Linux Monitoring NIST Open Source Pentesting Python Risk analysis Risk assessment Ruby SaaS Scripting SDLC Security assessment Security strategy SIEM SOC 2 Strategy Vulnerabilities Vulnerability management
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Chief Information Security Officer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs