Security Operations Engineer

CivicPlus, LLC

1d•$61,700 - $87,600

About The Position

The Security Operations (SecOps) Engineer is responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across the organization’s systems, networks, and cloud environments. This role operates and continuously improves security monitoring and response technologies, supports incident response and resilience planning, and ensures operational security controls are effective and measurable. The position is accountable for timely threat detection, effective incident containment, and continuous improvement of the organization’s security posture. About CivicPlus At CivicPlus, we strive to bring our company vision to life through innovation and collaboration. Supported by approachable leadership and transparent communication, we're empowered to make an impact on local government and the residents they serve. Grow your career alongside great people, where authenticity is welcome, successes are celebrated, and potential is nurtured.

Requirements

Strong understanding of security operations, incident response methodologies, and defensive security controls.
Demonstrated ability to analyze security threats and respond effectively under time-sensitive and high-pressure conditions.
Hands-on experience administering and supporting security technologies (SIEM, EDR, IDS/IPS, WAF, and related platforms).
Strong analytical, problem-solving, and documentation skills.
Ability to communicate technical findings clearly to technical and non-technical stakeholders.
Security+, Network+, or equivalent (required).
3–7 years of experience in security operations, incident response, defensive security, or a related field.
Experience coordinating and responding to security incidents in production environments.
Experience working with SaaS or cloud-native security technologies and platforms.

Nice To Haves

Bachelor’s degree in Computer Science, Cybersecurity, Information Security, Information Systems, or a related field (preferred).
Equivalent work experience may be considered in lieu of a degree.
CySA+, GCIA, GCED, or equivalent (preferred).

Responsibilities

Configure, administer, and continuously tune security technologies to support prevention, detection, response, and recovery capabilities, including SIEM, EDR, IDS/IPS, WAF, vulnerability scanning tools, and cloud security platforms.
Monitor security logs, alerts, and telemetry across on-premises and cloud environments; analyze anomalous activity and escalate or respond in accordance with established procedures.
Investigate and respond to security alerts and incidents in production environments, performing threat hunting, root cause analysis, containment, eradication, and recovery activities.
Maintain, update, and test incident response playbooks and procedures aligned with modern cybersecurity frameworks (including NIST 800-61); document lessons learned and implement improvements.
Define, track, and report operational security metrics, including alert trends, incident volumes, response times, and control effectiveness.
Support internal and external security audits and compliance assessments by providing operational evidence, incident documentation, and control validation artifacts.
Support backup, recovery, and system resilience capabilities as part of information system contingency and business continuity planning.
Collaborate cross-functionally with Engineering, IT, Cloud Operations, and Compliance teams to remediate vulnerabilities, strengthen security controls, and improve detection coverage.
Develop and maintain clear, accurate documentation of security configurations, processes, investigations, and system changes to support knowledge sharing and operational continuity.
Other duties as assigned by leadership.