Security Analyst III

CivicPlus is a high-growth technology company committed to creating more positive civic experiences. Inc. Magazine has selected CivicPlus as “One of the Fastest-Growing Privately Held Companies in the U.S.” since 2011.

Headquartered in Manhattan, Kansas, CivicPlus maintains satellite offices in Marlborough, Massachusetts, Tallahassee, Florida, Portland, Oregon, and New Haven, Connecticut, and has remote staff nationwide. Across all our in-office and remote locations, we foster fun, fast-paced, collaborative, and innovative environments.

Commitment to Diversity, Equity, Inclusion, and Belonging

We believe that diversity drives innovation. The best companies, like the best communities, foster environments in which everyone feels safe to be themselves. We believe our workforce should reflect the communities we serve. We are committed to attracting and retaining those who share our mission of helping government work better through an employee development strategy built on equity and equal opportunity. We promise to foster a culture of inclusion where everyone feels respected, appreciated, and welcome so that together, we create technology to build a better community.

We are looking for an experienced professional with a background in software security.

** We Offer You**

• An opportunity to help build technology solutions used by over 7,000 local governments and their citizens
• Competitive pay and benefits
• Our core values: purpose-driven, ambitious, trustworthy, team-player, and innovative
• The ability to work with and be inspired by colleagues who share your passion for using technology to improve citizen experiences

Job Overview

The Security Analyst III role is key member of the Hosting & Security team and is responsible for ensuring CivicPlus’ digital assets are protected against unauthorized access, NIST Security Framework Compliance, Vulnerability Management and Incident Response.

We’ll expect you to

• Provide mentorship and thought leadership on the security team
• Lead efforts to implement NIST Security Controls Framework across the CivicPlus Enterprise
• Conduct security assessments through vulnerability testing and risk analysis.
• Perform internal privacy impact assessments
• Participate as a key member of the Incident Response Team
• Monitor and audit logs across all product lines of the CivicPlus enterprise.
• Work directly with product teams to ensure that security and compliance are built into product.
• Provide Security Training & Awareness to CivicPlus staff and contractors
• Monitor the collection and storage of sensitive information such as PII, PHI and PCI related data.
• Participate in Due Diligence and Contract Reviews

What you'll need to succeed

• At least 3-5 years’ experience with Server Operating Systems, Networking, Security
• At least 5-10 years’ experience in conducting and leading NIST Security Framework Assessments and gap remediation.
• At least 5-10 years’ experience with OWASP
• At least 5-10 years’ experience working with security standards and best practices
• Position is on call

Preferred

• Degree in networking, programming, or related field or 5yrs of relevant experience
• One or more of the following certifications:
• CompTIA Security+
• CompTIA Cybersecurity Analyst
• CompTIA Advanced Security Practitioner
• CompTIA Security Analytics Expert certification
• The EC-Council Certified Ethical Hacker Certification
• Certified Security Analyst Training
• The GIAC Information Security Fundamentals
• The GIAC Security Essentials Certification
• Certified Information Systems Security Professional

Employment Practices:

• CivicPlus is proud to be an Equal Employment Opportunity employer. At CivicPlus, we celebrate and support diversity for the benefit of our employees, products, clients and communities we serve.
• Upon receiving an offer of employment, candidates must complete required pre-employment screenings, which include a drug test and background screen. Offer of employment is contingent upon this post offer screening process. All testing will be conducted by a licensed independent administrator, which will follow testing standards and background screens in accordance with state law.