APPOINTMENT TYPE: This is a Permanent Exempt (PEX) (Category 12) position.  This position is excluded by the Charter from the competitive civil service examination process and incumbents are “at will” and shall serve at the discretion of the Appointing Officer.  

*This announcement has been re-issued for additional qualified pool and reflect changes in the minimum qualification.  Applicants who have already applied for this recruitment do not need to re-apply.*

Specific information regarding this recruitment and position are listed below:

• Application Open: Monday, March 2, 2026
• Application Deadline: Friday, March 6, 2026
• Apply immediately. Application filing will be open at least through 5:00 PM on Friday, March 6, 2026 and will close any time thereafter.
• Compensation: $167,804 to $211,094 Annually
• Work Schedule: Full-time, 40 hours per week.
• Work Location: San Francisco International Airport –ITT Division
• Recruitment ID: PEX-9976-160108

San Francisco International Airport (SFO) is a world-class, award-winning airport that served more than 54 million guests in Fiscal Year 2025. SFO offers non-stop flights to 60+ international cities on over 40 international carriers. The Bay Area’s largest airport also connects non-stop with 80+ U.S. cities on 10 domestic airlines.

As an enterprise department of the City & County of San Francisco, SFO has a workforce of approximately 1,900 City employees. In Fiscal Year 2021, SFO generated more than 28,000 direct jobs and $6.1B in business activity.

SFO is more than an airport— we are a dynamic organization where employees collaborate with a wide range of stakeholders to support global travel, economic development, and public service. We are recognized as a leader in safety, environmental sustainability, and forward-thinking infrastructure, and continue to be at the forefront of transforming the travel experience.

Our Vision, Mission, and Core Values shape our culture and operations as we continue to build a supportive, purpose-driven workplace where all employees can thrive. Our mission is to deliver an airport experience where people and our planet come first.

Learn more about careers at SFO at flysfo.com, and follow us on Facebook, Instagram, YouTube, LinkedIn, Bluesky and Threads

Under the direction of the Director, Cybersecurity and Compliance, the Cybersecurity Expert I analyzes plans, designs, implements, maintains, troubleshoots, and enhances the confidentiality, integrity, and availability of large complex systems and networks. This position contributes to the overall security of Airport information assets and technologies through the creation and ongoing support of preventative detective and corrective controls.  Cybersecurity Expert I identifies, refines, and analyzes cybersecurity data across a wide variety of sources to report against agree upon key performance indicators measuring the efficacy of these controls.  This position works closely with Airport's operations and engineering teams to remediate cybersecurity issues and concerns.

You are excited about this opportunity because you will:

1. Serve as a primary subject matter expert for information security and cyber-security for SFO: maintain skills and expertise within areas of cybersecurity and information security for ICT and ICS environments. Contribute to requirements definitions on SFO initiatives and projects, including analysis of risks aligned with IT and OT reference architecture and standards.
2. Work with clients to identify business and technical cybersecurity requirements. Determine cybersecurity requirements for the development or enhancement of large complex systems and networks that comprise the backbone of the Airport's information technology and infrastructure; determine the suitability of existing solutions to meet these requirements. Lead the design, implementation, and monitoring of all remote-access mechanisms associated with Airport information assets.
3. Assess the effectiveness of existing processes, procedures, controls, and safeguards to prevent cyber-security breaches across SFO's infrastructure. Facilitate a consistent and positive security posture across multiple independent information systems throughout SFO. Assess and provide recommended cloud security controls to facilitate security of SFO cloud presence, including adequate accounting of data access controls. Identify and remediate threats and vulnerabilities to these assets.
4. Maintain and continually improve SFO’s vulnerability management program, including but not limited to patch management, vulnerability scanning, and reporting monthly status on the program’s effectiveness. Recommend and implement new or revised security measures based on risk analysis for purposes of protecting SFO information systems and resources, performing periodic analysis of security measure effectiveness, and documenting deviations from intended mitigation.
5. Identify and respond to cybersecurity threats and incidents as directed by the Cybersecurity and Compliance Director. Provide technical expertise to enable the Airport’s ability to identify and remediate exploitable cyber-related vulnerabilities present within the SFO’s infrastructure including the ability to detect and block emerging cyberattacks as they occur. Review cybersecurity vulnerabilities, advisories, and alerts from a variety of sources; determine applicability to Airport information systems and data, assess the potential impact on Airport operations; and coordinate follow-up activities based on the severity and exploitability of these vulnerabilities. Provide the technical expertise to enable the Airport’s ability to respond to cyber-related issues in accordance with digital forensic and incident response guidelines established by US-CERT and the U.S. Department of Justice.
6. Lead the design, implementation, and monitoring of technical controls related to information security across all Airport divisions. Collaborate with engineering peers to analyze, detect, identify, and correct cybersecurity issues within Airport information systems; troubleshoot issues of high complexity and scope.  Be responsible for planning, direction and oversight on multiple cyber security projects and initiatives. Direct projects to successfully meet schedule, budget, and scope.
7. Direct and coordinate cybersecurity reviews of software architecture, programs, and code that is developed for and deployed within Airport information systems, including the implementation, and testing of remediation activity arising from cybersecurity assessments and audits. Administer penetration testing of SFO networks and systems. Ensure that remediation of infractions resulting from annual pen tests are properly documented and corrected in a timely fashion.
8. Manage the coordination and implementation of corrective measures while adhering to change control policies and practices; this may involve site visits, telephone assistance, remote systems or network management, and participation in technical committees.
9. Liaise with other Airport sections and City departments and maintain cooperative relationships with vendors, contractors, and other agencies. Facilitate communication between SFO and federal agencies in matters related to information security and cyber-security as directed by Cybersecurity and Compliance Director.
10. Prepare documentation related to cybersecurity standards, specifications, and procedures, including troubleshooting techniques related to system and network software and hardware; develop and review documentation prior to general distribution.
11. Demonstrate and provide training on cybersecurity technologies and systems to both IS and non-IS professionals including demonstration and training of staff in the use of new hardware or software products. Collaborate with vendors, technical support hot-lines, and other sections, divisions, and departments to resolve complex systems or network problems.
12. Design, plan, integrate, test, implement, document, and enhance the physical and logical controls used to protect the confidentiality, integrity, and availability of Airport information systems and data, including, but not limited to SAML, public key encryption, secret key encryption, SSH, SSL, and multi-factor authentication.Configure, maintain, and install security products and applications including, but not implemented to: Tenable Nessus and Tenable Security Center, Crowdstrike MDR/EDR, and "next-generation" firewalls. Monitor network performance and capacity using management tools such as Splunk or SolarWinds. Perform and utilize protocol captures and decodes using commercial and open-source tools such as Wireshark and next-generation firewalls.
13. Perform other duties as assigned.

1. Education:

An associate degree in computer science, computer engineering, software engineering, or a closely related field from an accredited college or university or its equivalent in terms of total course credits/units. [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely related field].

AND

2. Experience:

Five (5) years of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of an enterprise network.

Substitution:

Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units/ forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.

Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.

One-year full-time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40-hour work week). Any overtime hours that you work above 40 hours per week are not included in the calculation to determine full-time employment.

Desirable Qualifications:

• Two (2) or more years of experience designing, implementing, and managing security policy on Palo Alto Networks firewalls in a large, complex environment.
• Two (2) or more years of operational experience managing a cybersecurity vulnerability management program, using cyber-security tools such as the Crowdstrike EDR/MDR platform in an airport environment or a similar large, regulated, complex multi-tenant environment.
• Two (2) or more years of experience working with business and technical stakeholders creating accurate network and data-flow diagrams from which accurate firewall policy can be established.
• Two (2) or more years of experience designing, implementing, supporting Microsoft Entra ID hybrid joined devices, including responding to cybersecurity incidents involving Microsoft Entra ID, Microsoft Intune and Windows Hello.
• Two (2) or more years of experience contributing to the success of large, complex, multi-year IT cyber-security projects and initiatives within a large federal, state, or municipal government department.
• Ability to meet and maintain compliance with IC-710 requirements for Controlled Unclassified Information (CUI).
• Ability to obtain National Security Clearance.

Verification:

Every application is reviewed to ensure that you meet the minimum qualifications listed in the job ad. Please review our articles on Employment Application and Minimum Qualifications and Verification of Experience and/or Education for considerations taken when reviewing applications. 

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.  All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications. 

Resumes will not be accepted in lieu of a completed City and County of San Francisco application. 

Applications completed improperly may be cause for ineligibility, disqualification or may lead to lower scores.

Selection Procedures:

The selection process will include evaluation of applications in relation to minimum requirements.  Applicants meeting the minimum qualifications are not guaranteed advancement to the interview.  Depending on the number of applicants, the Department may establish and implement additional screening mechanisms to comparatively evaluate the qualifications of candidates.  If this becomes necessary, only those applicants whose qualifications most closely meet the needs of the Department will be invited for an interview.

Notes: Applicants who meet the minimum qualifications are not guaranteed advancement through all of the steps in the selection procedure.

Transportation Security Administration (TSA) Security Clearance:

Candidates for employment with the San Francisco Airport Commission are required to undergo a criminal history record check, including FBI fingerprints, and Security Threat Assessment in order to determine eligibility for security clearance and may be required to undergo drug/alcohol screening. Per Civil Service Commission Rule Section 110.9.1, every applicant for an examination must possess and maintain the qualifications required by law and by the examination announcement for the examination. Failure to obtain and maintain security clearance may be basis for termination from employment with the Airport Commission.

Medical Examination: Prior to appointment, candidates must successfully pass a medical examination to determine their ability to perform the essential functions of the job and/or the ability to meet the physical minimum requirements.

Additional Information Regarding Employment with the City and County of San Francisco:

• Information About the Hiring Process
• Conviction History
• Employee Benefits Overview  
• Equal Employment Opportunity 
• Disaster Service Worker
• ADA Accommodation
• Right to Work
• Copies of Application Documents
• Diversity Statement

Where to Apply
All job applications for the City and County of San Francisco must be submitted through our online portal. Please visit https://careers.sf.gov/ to begin your application process. Computers are available for the public (9:00 a.m. to 4:00 p.m. Monday through Friday) to file online applications in the lobby of the Dept. of Human Resources at 1 South Van Ness Avenue, 4th Floor and at the City Career Center at City Hall,1 Dr. Carlton B. Goodlett Place, Room 110.

Ensure your application information is accurate, as changes may not be possible after submission. Your first and last name must match your legal ID for verification, and preferred names can be included in parentheses. Use your personal email address, not a shared or work email, to avoid unfixable issues.

Applicants will receive a confirmation email from [email protected] that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

Exam Analyst Information:  If you have any questions regarding this recruitment or application process, please contact exam analyst Ronnie Jones at [email protected]

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.