OpenGov operates cloud infrastructure that processes digital services for more than 100 million Americans - roughly one in three people in the U.S. - across 2,000+ cities, counties, state agencies, and school districts. The attack surface spans financial management, procurement workflows, asset tracking, permitting systems, and public transparency portals. A breach here doesn't just leak PII; it could halt permit issuance, freeze municipal budgets, or corrupt procurement records across entire jurisdictions. The threat model includes nation-state actors targeting critical infrastructure, ransomware crews hunting soft government targets, and insider risks amplified by legacy integrations common in public-sector IT.
The security team defends a multi-tenant SaaS platform built on modern cloud architecture, with SIEM tooling feeding detection pipelines and Jira/Confluence anchoring incident workflows. Real challenges include securing data flows between OpenGov's platform and the fragmented, often outdated systems that state and local governments run on-premises. You're not just protecting the perimeter - you're hardening APIs that interface with decades-old ERP systems, auditing access controls across thousands of government users with varying technical maturity, and ensuring compliance frameworks scale as new jurisdictions onboard. The stack integrates Salesforce for CRM alongside purpose-built government finance and asset management modules, creating security boundaries that cross commercial tooling and custom code.
OpenGov's team brings 500+ combined years of government experience, which translates to domain fluency around compliance mandates like CJIS, FedRAMP-adjacent requirements, and state-specific data residency rules. Security engineering here means operationalizing controls that work for a city IT department with two staff and a state agency with mature SOC capabilities - simultaneously. The role demands technical rigor in cloud security fundamentals, threat modeling for high-value targets in the public sector, and the patience to navigate procurement cycles and audit regimes that move on government timelines.