San Francisco International Airport (SFO), an enterprise department of the City & County of San Francisco, has a workforce of approximately 1,700 City employees and strives to be a diverse, equitable, and inclusive employer.

SFO’s mission is to provide an exceptional airport in service to our communities and our core values are Safety and Security, Teamwork, Excellence, Care and Equity. Learn more about careers at SFO.

For more information about SFO, visit www.flysfo.com. Follow us on twitter and facebook.

SFO is seeking a Cyber Security Engineer who has hands-on experience developing, implementing, and maintaining effective cybersecurity strategies and infrastructures to protect critical systems, networks, and services in a multifaceted and complex operational environment. The ideal candidate will have the expertise to serve as a risk consultant to the key business stakeholders on actual and emerging cyber threats with the ability to clearly articulate those risks and provide actionable plans for risk and threat mitigation. If you are a strategic cyber security thinker who can plan and implement innovative technological and procedural solutions and able to proactively respond to emerging and sophisticated cyber threats that could threaten the integrity and availability of critical infrastructure, then we encourage you to apply!

Appointment Type:  Permanent-Exempt.  This position is exempt from Civil Service Commission rules pursuant to the City and County of San Francisco, Charter Section 10.104, and incumbents serve at the discretion of the Appointing Officer.

Under the direction of the Acting Chief Information Security Officer (CISO), the 9976 Principal Cyber Security Engineer will play a critical role in developing, implementing, and maintaining effective cybersecurity strategies and infrastructures to protect the Airport's critical systems, networks, and sensitive data.  The position’s primary focus will be to further strengthen SFO information security posture in response to emerging cyber threats that are becoming more sophisticated and persistent.  It is imperative that every effort is made to protect the integrity, availability, and confidentiality of information communications technology (ICT), industrial control systems (ICS), and electronic data resources against cyber threats.  To that end, the 9976 Principal Cyber Security Engineer will identify and implement cyber security policies, standards, guidelines, processes, procedures, and operational practices while ensuring its goals and objectives are properly aligned with SFO business stakeholders.

Job Duties:

• Primary subject matter expert for information security and cyber-security for SFO: maintains skills and expertise within areas of cybersecurity and information security for ICT and ICS environments.
• Liaise with other Airport sections and City departments for matters related to information security and cyber-security; Maintain cooperative relationships with vendors, contractors and other agencies within the City.
• Recommends and implements new or revised security measures based on risk analysis for purposes of protecting SFO information systems and resources, performing periodic analysis of security measure effectiveness, and documenting all deviations from intended mitigation.
• Maintains and continually improves SFO’s vulnerability management program, to include patch management, vulnerability scanning, and reporting monthly status on the program’s effectiveness.
• Develops, maintains, and oversees an agile software develop life cycle process for SFO development teams, as well as undertake measures to ensure remediation actions effectively mitigate risk.
• Engages in requirements definitions on SFO IT initiatives and projects, including analysis of risks aligned with SFO IT and architecture standards.
• Assesses and provides recommended cloud security controls to facilitate security of SFO cloud presence, including adequate accounting of data access controls.
• Responsible for planning, direction and oversight on multiple cyber security projects and initiatives.
• Facilitates a consistent and positive security posture across multiple, independent information systems throughout SFO.
• Identifies and manages cyber-security threats and incidents as directed by the Chief Information Officer and Chief Information Security Officer (CISO).
• Assesses the effectiveness of existing processes, procedures, controls, and safeguards to prevent cyber-security breaches across SFO’s infrastructure.
• Provides technical expertise to enable the Airport’s ability to identify and remediate exploitable cyber-related vulnerabilities present within SFO’s infrastructure including the ability to detect and block emerging cyberattacks as they occur.
• Provides the technical expertise to enable the Airport’s ability to respond to cyber-related issues in accordance with digital forensic and incident response guidelines established by US-CERT and the U.S. Department of Justice.
• Leads the design, implementation, and monitoring of technical controls related to information security across all Airport divisions.
• Leads annual penetration testing of SFO networks and systems. Ensures that remediation of infractions resulting from annual pen tests are corrected in timely fashion, and are well documented. This includes updates to policies and internal operating procedures as needed.
• Leads the design, implementation, and monitoring of all remote-access mechanisms associated with Airport information assets; identifies and remediates threats and vulnerabilities to these assets.
• Serves as the primary liaison with Airport subcontractors on matters related to Airport cyber-security issues and concerns.
• Provides strategic direction and oversight within the field of information security and forensics as directed by CISO.
• Facilitates communication between SFO and federal agencies in matters related to information security and cyber-security as directed by CISO: ICSCERT, US-CERT, MS-ISAC , Federal Bureau of Investigation, United States Secret Service, Electronic Crimes Task Force.
• Provides technical direction and oversight for Airport-managed information systems subject to Federal Criminal Justice Information Systems (CJIS) Security Policy in a manner consistent with the MOU between the San Francisco Airport Commission and the San Francisco Police Department.
• Oversees the design, implementation, and monitoring of remote-access mechanisms associated with Airport information assets.
• Performs duties as assigned

Education:  An associate degree in computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in computer science or a closely-related field]; AND

Experience: 

• Five (5) years of recent and verifiable experience in information security and/or cyber-security of a multifaceted and complex operational environment.
• Five (5) years of recent and verifiable experience in technology risk assessment in large complex mission critical environments and designing and developing cyber related controls to mitigate the risk. 

Please note:  The above years of experiences requirement must be obtained within the last seven (7) years.

Substitution:  Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years).  Thirty (30) semester units or forty-five (45) quarter units equal one (1) year.

Working Condition:  Essential duties require the following physical skills and work environment:  Ability to work in a standard office environment which may involve prolonged sitting, bending and operation of typing, word processing and other office equipment; and ability to work evening meetings.

DESIRABLE QUALIFICATIONS:

The stated desirable qualifications may be used to identify job finalists at the end of the selection process when candidates are referred for hiring.

• Possession of a Bachelor’s degree in information technology, telecommunications, management information systems, computer science, computer engineering, or a closely related field, or discipline.
• Industry certifications are highly desirable in one or more disciplines related to audit, project management and/or information security, e.g. CISSP, PCI ISA, CRISC, PMP.
• Recent and verifiable experience reviewing firewall logs and refining firewall security policies.
• Recent and verifiable experience with information security cloud architecture (particularly AWS)
• Recent and verifiable experience developing and implementing an enterprise cybersecurity program.
• Working knowledge of multiple cyber-related audit frameworks.
• Ability to direct auditing and/or quality assurance efforts designed to ensure ongoing compliance against agreed upon standards and practices.

Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.

One year full-time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40 hour work week). Any overtime hours that you work above 40 hours per week are not included in the calculation to determine full-time employment.

All your information will be kept confidential according to EEO guidelines.

Compensation: $141,934.00 - $178,516.00 Yearly.  Salary upon appointment will be based on candidate’s documented and substantiated exceptional skills and experience. 

Information about the Hiring Process: click here

Filing Deadline: Interested applicants are encouraged to apply as soon as possible as this announcement my close at any time after 5:00 PM on Friday, November 19, 2021.

Question: if you have any questions regarding this job, please contact the Recruiter at [email protected]. 

Selection Procedure:

The selection process will include evaluation of applications in relation to minimum requirements.  Applicants meeting the minimum qualifications are not guaranteed advancement to the interview.  Depending on the number of applicants, the Department may establish and implement additional screening mechanisms to comparatively evaluate the qualifications of candidates.  If this becomes necessary, only those applicants whose qualifications most closely meet the needs of the Department will be invited for an interview.

Notes:  Applicants who meet the minimum qualifications are not guaranteed advancement through all of the steps in the selection procedure.

Transportation Security Administration (TSA) Security Clearance
Candidates for employment with the San Francisco Airport Commission are required to undergo a criminal history record check, including FBI fingerprints, and Security Threat Assessment in order to determine eligibility for security clearance and may be required to undergo drug/alcohol screening. Per Civil Service Commission Rule Section 110.9.1, every applicant for an examination must possess and maintain the qualifications required by law and by the examination announcement for the examination. Failure to obtain and maintain security clearance may be basis for termination from employment with the Airport Commission.

CONDITION OF EMPLOYMENT:  All City and County of San Francisco employees are required to be vaccinated against COVID-19 as a condition of employment.  For details on how it is applicable to your employment, please click here.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.