What we do

At Civis, we take a science-first approach to solving business problems using person-level data. With a blend of proprietary technology and statistical advisory services, we help public and private sector organizations find, understand and connect with the people they care about, so they can stop guessing and start using mathematical proof to guide decisions. We know others use “data science” and “analytics” as buzzwords, but at Civis we don’t stand for fluff, and we will always deliver scalable products and technologies — not PowerPoints — to drive your business forward. Learn more about Civis at www.civisanalytics.com.

Our mission

To democratize data science so organizations can stop guessing and make decisions based on numbers and scientific fact.

What we are looking for

Are you a self-starter? Do you want to work where you can make an immediate impact? Civis is looking for an Application Security Engineer to join our team!

As an Application Security Engineer, you’ll be responsible for performing penetration testing on our applications, analyzing and providing appropriate security architectural recommendations, and working across multiple departments (including with our engineering and data science teams) to improve the security of our product.

Responsibilities

• Work with our Director of Cybersecurity and our engineering team to better our threat stance for the company, our product, and our customers.
• Perform a variety of application level penetration testing which will include both automated and manual review of our software. 
• Conduct a variety of static, dynamic, and manual code reviews of our software.
• Perform application security architecture reviews to identify possible data privacy and security risk 
• Actively develop professional-grade software in our existing applications alongside other development teams as well as build new and enhanced tools inside the security group.
• Consult with our engineering and data science teams to integrate automated security tools into our continuous integration and delivery pipeline. 
• Stay up-to-date with new application security vulnerabilities, tools and attack methods to better improve our information security posture.

Minimum Requirements

•  1-3 years’ experience in application security or Bachelor’s degree in Cybersecurity/Information Security or an equivalent, relevant field.
• Experience developing web applications with frameworks such as Rails or Django
• Comfort working with SQL databases and cloud hosting infrastructure
• Strong understanding of web and mobile application security vulnerabilities and concepts. 
• Ability to work both independently and collaboratively with peers, across teams, and with management.
• Ability to deliver technical reports and communicate technical concepts to both non-technical business users as well as client technical stakeholders.
• Demonstrated ability to perform vulnerability and penetration testing. 
• You understand that threats don't work 9 to 5 and sometimes we can't either!

Preferred Qualifications

• Prior experience on an internal application security team 
• 3-5 years in security analysis in cloud services (Amazon Web Services, Google Cloud Platform or Azure)
• 3+ years of experience with container technologies and at least 1+ with Kubernetes.
• Prior pen testing experience
• Experience with Ruby on Rails, React & Python

Why join our team?

• The opportunity to be part of a growing tech startup focused on solving interesting and meaningful problems, invested in internal promotion, and committed to fostering a diverse, equal and inclusive workplace. 
• Competitive benefits, including unlimited PTO, 401K match with immediate vesting, health, dental, and vision benefits, paid parental leave, breastfeeding support including breastmilk shipping services for traveling moms, flexible work from home policy, commuter benefits, wellness initiatives including weekly group meditations, monthly on-site massage therapy, and pet insurance.
• Modern office, conveniently located in the Loop. Close to public transportation, great restaurants and beautiful city views.

Civis Analytics embraces the individuality of our employees and we celebrate each other's differences. Our products, services, and culture benefit from and thrive on the unique perspectives brought by each person in our community. We're proud to be an equal opportunity workplace, and we are committed to equal employment opportunity regardless of race, age, sex, color, ancestry, religion, national origin, sexual orientation, gender identity, citizenship, marital status, disability, or Veteran status. If you have a disability or special need that requires accommodation, please contact [email protected]

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States.

EEO IS THE LAW

EEO Supplement

Pay Transparency