What we do

At Civis Analytics, we bring objective, data-driven truth to organizational decision-making—from the boardroom to the world’s largest progressive social causes.

This mission isn’t an aspiration: it’s something we see realized every day, and it brings purpose to everything we’re working on.

We combine a sophisticated SaaS product with our specialized data science consultancy to empower tens of thousands of active users to make millions of data-driven decisions every month. From joining disparate data sources and automating reporting, to building more elaborate models of targeted audiences and optimizing messages for them, organizations like the Bill and Melinda Gates Foundation, the City of Boston, and iHeart Radio trust Civis’s technology to make their most critical decisions.

Core to our product and consulting offerings is Civis Platform, which makes it easy to import, manage, transform, analyze, and report on data with integrated open source tools. Our customers love Civis Platform because it empowers them to focus on finding data-driven answers to their most critical questions—in other words, we empower them to run their business, rather than running a tech stack. 

Learn more about Civis at www.civisanalytics.com.

Due to the uncertainty of COVID-19, all Civis offices are closed and employees are remote until further notice. This is being closely monitored as the situation evolves. Although it’s likely our offices will reopen, positions hired outside of Civis office locations will be remote roles.

What we are looking for

Data protection is a fundamental element of everything we do, and as Cybersecurity Director, you will play a leading role in these efforts. You will report to and work with our General Counsel to design agile, big-picture organizational security strategy that encompasses network, application, and physical security, regularly reassess that strategy based on developments in the security landscape and periodic threat-modeling exercises, continuously improve company-wide security mindset and awareness, define security vendor strategy (aka ‘buy vs build’), and lay out execution plans to implement our security strategy.

This is a highly visible and critical role in our organization with significant individual contribution and leadership responsibilities. Not only will you design company-wide security, you will also flex your hunting and hacking muscles to proactively find and fix vulnerabilities, leverage our MSSP and security tools to prioritize efforts, lead security vendor relationships, and more importantly, you’ll have an opportunity to recruit, manage, and develop a security team. The ideal candidate understands the constant need to balance the benefits of incremental security measures with the potential burdens on business and operations. You’ll have broad decision-making authority, so you’ll also need to work and manage effectively across multiple departments. 

Minimum Qualifications

• 7-10 years of relevant cybersecurity experience
• B.S. or M.S. in Computer Science, Information Systems, Information Security or related field (Math, Physics, Engineering) and equivalent security experience
• Demonstrated experience in application security, threat detection, incident response, and threat/vulnerability mitigation
• Must have experience with AWS and AWS security technologies -- Guard Duty, Cloud Trail, Redshift, etc.
• Experience with Kubernetes or similar container technologies
• Hunting, blue team, and internal penetration testing experience
• Experience developing security vendor strategy that “scales security” in an organization
• At least one Security credential: GIAC (GCIA, GCIH, GPEN, etc) and/or CISSP preferred
• Ability to influence highly technical colleagues to raise overall security awareness across the organization
• Enthusiasm to embrace the constant challenge of ensuring a high-level of security, privacy, and a data-handling ethics practices across our business and among our users

Preferred Qualifications

• Specific experience with container security
• Strong knowledge of at least one modern scripting language (e.g. Python)
• Experience implementing DLP and CASB technologies
• Experience leading a small security team
• Active member of the global security community a huge plus (research, blogging, presentations, conference attendance, etc)
• Experience performing security audits and working with external auditors
• Sound understanding of security frameworks & compliance such as SSAE 16, HIPAA, FedRAMP, ISO 27001, etc
• Deep knowledge of application security testing concepts (e.g. Fuzzing, XSS, SQL Injection, etc) and penetration testing frameworks such as Kali Linux and tools like netcat, Nmap, Burp Suite, etc
• SIEM experience (ArcSight, Splunk, QRadar, AlienVault, SumoLogic, etc)
• Experience identifying and addressing security challenges related to database administration (MySQL, Oracle, etc)
• Proficiency with applied cryptography including PKI, SSL, and key management
• Proven Experience with vulnerability testing tools such as Nessus, Qualys, OpenVAS, etc
• Strong knowledge of UNIX/Linux and/or OS X
• Experience with sniffers such as tcpdump, WireShark, etc

Who we are

Civis offers opportunities for newcomers, seasoned professionals, and anyone in between. Our teams are energized by complex challenges and value diversity of thought. Opportunities to stand out and inspire happen daily, and we trust and encourage you to act on your ideas—no matter how big they are. 

We offer you the tools and community you need to do your best work. Each of us is committed to holding ourselves accountable for results, challenging the status quo, and finding new ways to help our company—and each other—grow.

Why join our team?

• The opportunity to be part of a growing tech organization focused on solving interesting and meaningful problems, invested in internal promotion, and committed to fostering a diverse, equal, and inclusive workplace. 
• Competitive benefits, including unlimited PTO; 401K match with immediate vesting; health, dental, and vision benefits; fully paid parental leave; breastfeeding support, including breastmilk shipping services for traveling moms; commuter benefits; wellness initiatives, including weekly group meditations; monthly on-site massage therapy; and pet insurance.

• To support employees in our now-fully remote work environment, we have expanded our virtual journal and book clubs, Donut Pals (organized virtual coffee meet-ups), Lightning Talks (five-minute presentations on anything you’d like), Lunch-and-Learns, and HR Open Discussions (bi-weekly meet-ups where we discuss ideas and topics of the day in a casual format). We are also able to support and accommodate flexible work from-home-schedules to help employees juggle their responsibilities.

Civis embraces the individuality of our employees, and we celebrate each other's differences. Our products, services, and culture benefit from and thrive on the unique perspectives brought by each person in our Civis community. We're proud to be an equal opportunity workplace, and we are committed to equal employment opportunity regardless of race, age, sex, color, ancestry, religion, national origin, sexual orientation, gender identity, citizenship, marital status, disability, or veteran status. If you have a disability or special need that requires accommodation, please contact us [email protected].

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States.

EEO IS THE LAW

EEO Supplement

Pay Transparency