Cybersecurity Expert I (9976) ITT- SFO (160108)

Under the direction of the Director Cybersecurity and Compliance the Cybersecurity Expert I analyzes plans designs implements maintains troubleshoots and enhances the confidentiality integrity and availability of large complex systems and networks. This position contributes to the overall security of Airport information assets and technologies through the creation and ongoing support of preventative detective and corrective controls.  Cybersecurity Expert I identifies refines and analyzes cybersecurity data across a wide variety of sources to report against agree upon key performance indicators measuring the efficacy of these controls.  This position works closely with Airports operations and engineering teams to remediate cybersecurity issues and concerns.

You are excited about this opportunity because you will:

1. Serve as a primary subject matter expert for information security and cyber-security for SFO: maintain skills and expertise within areas of cybersecurity and information security for ICT and ICS environments. Contribute to requirements definitions on SFO initiatives and projects including analysis of risks aligned with IT and OT reference architecture and standards.
2. Work with clients to identify business and technical cybersecurity requirements. Determine cybersecurity requirements for the development or enhancement of large complex systems and networks that comprise the backbone of the Airports information technology and infrastructure; determine the suitability of existing solutions to meet these requirements. Lead the design implementation and monitoring of all remote-access mechanisms associated with Airport information assets.
3. Assess the effectiveness of existing processes procedures controls and safeguards to prevent cyber-security breaches across SFOs infrastructure. Facilitate a consistent and positive security posture across multiple independent information systems throughout SFO. Assess and provide recommended cloud security controls to facilitate security of SFO cloud presence including adequate accounting of data access controls. Identify and remediate threats and vulnerabilities to these assets.
4. Maintain and continually improve SFOs vulnerability management program including but not limited to patch management vulnerability scanning and reporting monthly status on the programs effectiveness. Recommend and implement new or revised security measures based on risk analysis for purposes of protecting SFO information systems and resources performing periodic analysis of security measure effectiveness and documenting deviations from intended mitigation.
5. Identify and respond to cybersecurity threats and incidents as directed by the Cybersecurity and Compliance Director. Provide technical expertise to enable the Airports ability to identify and remediate exploitable cyber-related vulnerabilities present within the SFOs infrastructure including the ability to detect and block emerging cyberattacks as they occur. Review cybersecurity vulnerabilities advisories and alerts from a variety of sources; determine applicability to Airport information systems and data assess the potential impact on Airport operations; and coordinate follow-up activities based on the severity and exploitability of these vulnerabilities. Provide the technical expertise to enable the Airports ability to respond to cyber-related issues in accordance with digital forensic and incident response guidelines established by US-CERT and the U.S. Department of Justice.
6. Lead the design implementation and monitoring of technical controls related to information security across all Airport divisions. Collaborate with engineering peers to analyze detect identify and correct cybersecurity issues within Airport information systems; troubleshoot issues of high complexity and scope.  Be responsible for planning direction and oversight on multiple cyber security projects and initiatives. Direct projects to successfully meet schedule budget and scope.
7. Direct and coordinate cybersecurity reviews of software architecture programs and code that is developed for and deployed within Airport information systems including the implementation and testing of remediation activity arising from cybersecurity assessments and audits. Administer penetration testing of SFO networks and systems. Ensure that remediation of infractions resulting from annual pen tests are properly documented and corrected in a timely fashion.
8. Manage the coordination and implementation of corrective measures while adhering to change control policies and practices; this may involve site visits telephone assistance remote systems or network management and participation in technical committees.
9. Liaise with other Airport sections and City departments and maintain cooperative relationships with vendors contractors and other agencies. Facilitate communication between SFO and federal agencies in matters related to information security and cyber-security as directed by Cybersecurity and Compliance Director.
10. Prepare documentation related to cybersecurity standards specifications and procedures including troubleshooting techniques related to system and network software and hardware; develop and review documentation prior to general distribution.
11. Demonstrate and provide training on cybersecurity technologies and systems to both IS and non-IS professionals including demonstration and training of staff in the use of new hardware or software products. Collaborate with vendors technical support hot-lines and other sections divisions and departments to resolve complex systems or network problems.
12. Design plan integrate test implement document and enhance the physical and logical controls used to protect the confidentiality integrity and availability of Airport information systems and data including but not limited to SAML public key encryption secret key encryption SSH SSL and multi-factor maintain and install security products and applications including but not implemented to: Tenable Nessus and Tenable Security Center Crowdstrike MDR/EDR and next-generation firewalls. Monitor network performance and capacity using management tools such as Splunk or SolarWinds. Perform and utilize protocol captures and decodes using commercial and open-source tools such as Wireshark and next-generation firewalls.
13. Perform other duties as assigned.

Qualifications :

1. Education:

An associate degree in computer science computer engineering software engineering or a closely related field from an accredited college or university or its equivalent in terms of total course credits/units. i.e. at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely related field.

AND

2. Experience:

Five (5) years of experience analyzing installing configuring enhancing and/or maintaining the components of an enterprise network.

Substitution:

Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units/ forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.

Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.

One-year full-time employment is equivalent to 2000 hours (2000 hours of qualifying work experience is based on a 40-hour work week). Any overtime hours that you work above 40 hours per week are not included in the calculation to determine full-time employment.

Desirable Qualifications:

• Two (2) or more years of experience designing implementing and managing security policy on Palo Alto Networks firewalls in a large complex environment.
• Two (2) or more years of operational experience managing a cybersecurity vulnerability management program using cyber-security tools such as the Crowdstrike EDR/MDR platform in an airport environment or a similar large regulated complex multi-tenant environment.
• Two (2) or more years of experience working with business and technical stakeholders creating accurate network and data-flow diagrams from which accurate firewall policy can be established.
• Two (2) or more years of experience designing implementing supporting Microsoft Entra ID hybrid joined devices including responding to cybersecurity incidents involving Microsoft Entra ID Microsoft Intune and Windows Hello.
• Two (2) or more years of experience contributing to the success of large complex multi-year IT cyber-security projects and initiatives within a large federal state or municipal government department.
• Ability to meet and maintain compliance with IC-710 requirements for Controlled Unclassified Information (CUI).
• Ability to obtain National Security Clearance.

Verification:

Every application is reviewed to ensure that you meet the minimum qualifications listed in the job ad. Please review our articles on Employment Application and Minimum Qualifications and Verification of Experience and/or Education for considerations taken when reviewing applications. 

Note: Falsifying ones education training or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.  All work experience education training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications. 

Resumes will not be accepted in lieu of a completed City and County of San Francisco application. 

Applications completed improperly may be cause for ineligibility disqualification or may lead to lower scores.

Selection Procedures:

The selection process will include evaluation of applications in relation to minimum requirements.  Applicants meeting the minimum qualifications are not guaranteed advancement to the interview.  Depending on the number of applicants the Department may establish and implement additional screening mechanisms to comparatively evaluate the qualifications of candidates.  If this becomes necessary only those applicants whose qualifications most closely meet the needs of the Department will be invited for an interview.

Notes: Applicants who meet the minimum qualifications are not guaranteed advancement through all of the steps in the selection procedure.

Transportation Security Administration (TSA) Security Clearance:

Candidates for employment with the San Francisco Airport Commission are required to undergo a criminal history record check including FBI fingerprints and Security Threat Assessment in order to determine eligibility for security clearance and may be required to undergo drug/alcohol screening. Per Civil Service Commission Rule Section 110.9.1 every applicant for an examination must possess and maintain the qualifications required by law and by the examination announcement for the examination. Failure to obtain and maintain security clearance may be basis for termination from employment with the Airport Commission.

Medical Examination: Prior to appointment candidates must successfully pass a medical examination to determine their ability to perform the essential functions of the job and/or the ability to meet the physical minimum requirements.

Additional Information :

Additional Information Regarding Employment with the City and County of San Francisco:

• Information About the Hiring Process
• Conviction History
• Employee Benefits Overview  
• Equal Employment Opportunity 
• Disaster Service Worker
• ADA Accommodation
• Right to Work
• Copies of Application Documents
• Diversity Statement

Where to Apply
All job applications for the City and County of San Francisco must be submitted through our online portal. Please visit  begin your application process. Computers are available for the public (9:00 a.m. to 4:00 p.m. Monday through Friday) to file online applications in the lobby of the Dept. of Human Resources at 1 South Van Ness Avenue 4th Floor and at the City Career Center at City Hall1 Dr. Carlton B. Goodlett Place Room 110.

Ensure your application information is accurate as changes may not be possible after submission. Your first and last name must match your legal ID for verification and preferred names can be included in parentheses. Use your personal email address not a shared or work email to avoid unfixable issues.

Applicants will receive a confirmation email from  that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

Exam Analyst Information:  If you have any questions regarding this recruitment or application process please contact exam analyst Ronnie Jones at

The City and County of San Francisco encourages women minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex race age religion color national origin ancestry physical disability mental disability medical condition (associated with cancer a history of cancer or genetic characteristics) HIV/AIDS status genetic information marital status sexual orientation gender gender identity gender expression military and veteran status or other protected category under the law.

Remote Work :

No

Employment Type :

Full-time