CivicPlus, LLC is looking for a Security Operations Engineer to safeguard our systems, networks, and cloud environments. You will be responsible for monitoring, detecting, investigating, and responding to cybersecurity threats while continuously improving our security posture.

What You'll Do

Configure, administer, and continuously tune security technologies to support prevention, detection, response, and recovery capabilities.
Monitor security logs, alerts, and telemetry across on-premises and cloud environments; analyze anomalous activity and escalate or respond accordingly.
Investigate and respond to security alerts and incidents in production environments, performing threat hunting, root cause analysis, containment, eradication, and recovery.
Maintain, update, and test incident response playbooks and procedures aligned with modern cybersecurity frameworks.
Define, track, and report operational security metrics, including alert trends, incident volumes, response times, and control effectiveness.
Support internal and external security audits and compliance assessments by providing operational evidence and control validation artifacts.
Support backup, recovery, and system resilience capabilities as part of information system contingency and business continuity planning.
Collaborate cross-functionally with Engineering, IT, Cloud Operations, and Compliance teams to remediate vulnerabilities and strengthen security controls.
Develop and maintain clear, accurate documentation of security configurations, processes, investigations, and system changes.

What We're Looking For

Security+, Network+, or equivalent certification.
3–7 years of experience in security operations, incident response, defensive security, or a related field.
Experience coordinating and responding to security incidents in production environments.
Experience working with SaaS or cloud-native security technologies and platforms.
Strong understanding of security operations, incident response methodologies, and defensive security controls.
Demonstrated ability to analyze security threats and respond effectively under time-sensitive and high-pressure conditions.
Hands-on experience administering and supporting security technologies (SIEM, EDR, IDS/IPS, WAF, and related platforms).
Strong analytical, problem-solving, and documentation skills.
Ability to communicate technical findings clearly to technical and non-technical stakeholders.

Nice to Have

Bachelor’s degree in Computer Science, Cybersecurity, Information Security, Information Systems, or a related field.
CySA+, GCIA, GCED, or equivalent certification.