About the Company

Are you a self-starter? Do you want to work where you can make an immediate impact? Civis Analytics is looking for a Cybersecurity Lead to join our team!

Civis Analytics helps leading businesses, nonprofits and government use data to identify, attract, and engage customers, constituents and citizens. With a blend of proprietary data, technology and advisory services, and an interdisciplinary team of data scientists, developers, and survey science experts, Civis helps organizations stop guessing and start using statistical proof to guide decisions. Learn more about Civis at www.civisanalytics.com.

Civis embraces the individuality of our employees and we celebrate each other's differences. Our products, services, and culture benefit from and thrive on the unique perspectives brought by each person in our Civis community. We're proud to be an equal opportunity workplace, and we are committed to equal employment opportunity regardless of race, age, sex, color, ancestry, religion, national origin, sexual orientation, gender identity, citizenship, marital status, disability, or Veteran status. If you have a disability or special need that requires accommodation, please let us know.

About the Role

Data protection is a fundamental element of everything we do, and as Cybersecurity Lead, you will play a leading role in these efforts. You will report to and work with our General Counsel to design agile, big-picture organizational security strategy that encompasses network, application, and physical security, regularly reassess that strategy based on developments in the security landscape and periodic threat-modeling exercises, continuously improve company-wide security mindset and awareness, define security vendor strategy (aka ‘buy vs build’), and lay out execution plans to implement our security strategy.

This is a highly visible and critical role in our organization with significant individual contribution and leadership responsibilities. Not only will you design company-wide security, you will also flex your hunting and hacking muscles to proactively find and fix vulnerabilities, leverage our MSSP and security tools to prioritize efforts, lead security vendor relationships, and more importantly, you’ll have an opportunity to recruit, manage, and develop a security team. The ideal candidate understands the constant need to balance the benefits of incremental security measures with the potential burdens on business and operations. You’ll have broad decision-making authority, so you’ll also need to work and manage effectively across multiple departments. This position is located in Chicago.

Minimum Qualifications

• 7-10 years of relevant cybersecurity experience
• B.S. or M.S. in Computer Science, Information Systems, Information Security or related field (Math, Physics, Engineering) and equivalent security experience
• Demonstrated experience in application security, threat detection, incident response, and threat/vulnerability mitigation
• Must have experience with AWS and AWS security technologies -- Guard Duty, Cloud Trail, Redshift, etc.
• Experience with Kubernetes or similar container technologies
• Hunting, blue team, and internal penetration testing experience
• Experience developing security vendor strategy that “scales security” in an organization
• At least one Security credential: GIAC (GCIA, GCIH, GPEN, etc) and/or CISSP preferred
• Ability to influence highly technical colleagues to raise overall security awareness across the organization
• Enthusiasm to embrace the constant challenge of ensuring a high-level of security, privacy, and a data-handling ethics practices across our business and among our users

Preferred Qualifications

• Specific experience with container security
• Strong knowledge of at least one modern scripting language (e.g. Python)
• Experience implementing DLP and CASB technologies
• Experience leading a small security team
• Active member of the global security community a huge plus (research, blogging, presentations, conference attendance, etc)
• Experience performing security audits and working with external auditors
• Sound understanding of security frameworks & compliance such as SSAE 16, HIPAA, FedRAMP, ISO 27001, etc
• Deep knowledge of application security testing concepts (e.g. Fuzzing, XSS, SQL Injection, etc) and penetration testing frameworks such as Kali Linux and tools like netcat, Nmap, Burp Suite, etc
• SIEM experience (ArcSight, Splunk, QRadar, AlienVault, SumoLogic, etc)
• Experience identifying and addressing security challenges related to database administration (MySQL, Oracle, etc)
• Proficiency with applied cryptography including PKI, SSL, and key management
• Proven Experience with vulnerability testing tools such as Nessus, Qualys, OpenVAS, etc
• Strong knowledge of UNIX/Linux and/or OS X
• Experience with sniffers such as tcpdump, WireShark, etc