Application Security Engineer
About the Company
Civis Analytics helps businesses use data to gain a competitive advantage in how they identify, attract, and engage loyal customers and employees. With an interdisciplinary team of data scientists, developers, and survey science experts, Civis works with Fortune 500 companies, the country’s largest nonprofits, and all levels of government to make data-driven decision-making essential to how the world’s best organizations operate.
Civis embraces the individuality of our employees and we celebrate each other's differences. Our products, services, and culture benefit from and thrive on the unique perspectives brought by each person in our Civis community. We're proud to be an equal opportunity workplace, and we are committed to equal employment opportunity regardless of race, age, sex, color, ancestry, religion, national origin, sexual orientation, gender identity, citizenship, marital status, disability, or Veteran status. If you have a disability or special need that requires accommodation, please let us know.
Learn more about Civis at www.civisanalytics.com.
About the Role
Are you a self-starter? Do you want to work where you can make an immediate impact? Civis is looking for an Application Security Engineer to join our team!
As an Application Security Engineer, you’ll be responsible for performing penetration testing on our applications, analyzing and providing appropriate security architectural recommendations, and working across multiple departments (including with our engineering and data science teams) to improve the security of our product.
In this role, you will:
- Perform a variety of application-level penetration testing, including both automated and manual review of our software
- Conduct a variety of static, dynamic, and manual code reviews of our software
- Perform application security architecture reviews to identify possible data privacy and security risks
- Consult with our engineering and data science teams to integrate automated security tools into our continuous integration and delivery pipeline
- Stay up-to-date with new application security vulnerabilities, tools and attack methods to better improve our information security posture
Civis has opportunities for applicants who are seasoned professionals, brilliant newcomers, and anywhere in between. We are looking for detail-oriented individuals from diverse backgrounds with demonstrated quantitative and problem-solving skills. We value creativity, hard work and on-the-job excellence and offer competitive compensation and benefits packages. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States.
- BA/BS degree or equivalent practical experience
- 3-5 years’ experience in application security or Bachelor’s degree in Cyber Security/Information Security or an equivalent, relevant field
- Strong understanding of web and mobile application security vulnerabilities and concepts
- Ability to work both independently and collaboratively with peers, across teams, and with management
- Ability to deliver technical reports and communicate technical concepts to both non-technical business users and client technical stakeholders
- Demonstrated ability to perform vulnerability and penetration testing
- You understand that attackers don't work 9 to 5 and sometimes we can't either!
- 3-5 years in security analysis in cloud services (Amazon Web Services, Google Cloud Platform or Azure)
- 3+ years of experience with container technologies and at least 1+ with Kubernetes
- Prior pen testing experience
- Prior experience on an internal application security team
- Experience with Ruby on Rails, React & Python