Appointment Type:  Permanent Exempt. This position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the Appointing Officer.

• Application Opening: Friday, September 13, 2024

• Application Deadline: Apply Immediately. Application filing will be open at least through 5:00 PM on Friday September 20, 2024 and will close any time thereafter.

• Compensation Range: $159,692 - $200,850 annually

• Recruitment ID: REF44664D-01155096

• Location:  San Francisco International Airport

• Working Hours: Full-time, 40 hours per week, Monday – Friday, 8 am - 5 pm, Hybrid work schedule

San Francisco International Airport (SFO), an enterprise department of the City and County of San Francisco (CCSF), has approximately 1,700 CCSF employees and strives to be a diverse, equitable, and inclusive employer.

SFO’s mission is delivering an airport experience where people and our planet come first and our core values are Safety and Security, Teamwork, Excellence, Care, and Equity. Learn more about careers at SFO.

For more information about SFO, visit www.flysfo.com. Follow us on Twitter and Facebook.

Under the direction of the Director, Cybersecurity and Compliance, the Principal Cybersecurity Engineer is responsible for the overall security of information assets and technologies through the creation and support of preventative, detective, and corrective controls. Identifies, refines, and analyzes cyber-security data across a wide variety of sources to report against agreed upon key performance indicators measuring the efficacy of these controls. Works closely with IT operations and engineering teams to identify and remediate cyber-security issues and concerns.

The Principal Cybersecurity Engineer may provide technical supervision over other IS Engineers, technical leadership and direction, technical responsibility for completion of major projects, and serves as a technical authority for one or more related specialties. Performs and reviews complex work involving analysis, planning, designing, implementation, maintenance, troubleshooting and enhancement of complex large systems or networks and the physical and logical components that integrate these systems together. Serves as a lead technical architect and systems integrator for large complex systems and networks.

As a team member of SFO, you will embrace SFO’s core values and SFO’s Racial Equity Action Plan (https://www.flysfo.com/sites/default/files/Racial_Equity_Plan-4.06.2021-v19.pdf) .

You are excited about this opportunity because you will:

• Document cyber-security standards, specifications, policies, processes, procedures, and industry recognized best practices for the design, implementation, testing, deployment, and maintenance of cyber-security controls that ensure the confidentiality, integrity, and availability of airport information, information systems, and operational technology. Ensure said documentation is aligned to and consistent with departmental directives, policies and regulations. Reviews said documentation prior to general distribution.

• Establish and refine cyber security requirements for the development or enhancement of large complex systems and networks operating over dissimilar platforms and technologies that comprise the backbone of enterprise information and operational technology infrastructure. May involve harmonizing controls across different standards and frameworks including but not limited to the Payment Card Industry Data Security Standard, the National Institute of Standards and Technology Cyber Security Framework, and Department of Homeland Security Transportation Security Agency rules and regulations.

• Design, implement and enhance the preventative, detective, and corrective cyber security controls that protect airport information, information systems, and operational technology. Provide problem determination, corrective measures and technical support for said controls to the programmers, business analysts, project managers, operations staff, technicians, administrators, end users and management team. Liaise and collaborate between different sections, divisions, departments and engineering peers to analyze, detect, identify, and resolve cyber-security and operational issues of high complexity and scope.

• Plan, implement and maintain upgrades, updates, and fixes for enterprise systems and related cybersecurity components without adversely affecting the overall availability and reliability of said systems and networks. May be required to provide after-hours support for mission critical systems. Assist in the coordination and implementation of corrective measures while adhering to change control policies and practices.

• Manage and test cyber security configurations for Linux and Microsoft Windows operating systems, CrowdStrike, Palo Alto Networks firewalls, Amazon Web Services, Microsoft Azure and Entra ID in both production and non-production environments.

• Review cyber-security vulnerabilities, advisories, and alerts from a variety of sources; determines applicability to current and planned information systems and data, assesses potential impact to airport operations, and coordinates follow up activities based on the severity and exploitability of these vulnerabilities. Respond to cybersecurity incidents as directed.

• Assist in the development of strategic plans to meet cyber-security and technology needs, May research and conduct feasibility studies for new hardware and software necessary to implement said plans. Make recommendations on these studies and provide cost and time allocation estimates for same.

• Manage major projects to successfully meet schedule, budget, and scope. Work closely with vendors, contractors, technology stakeholders, and participate in technical committees and project delivery teams. May monitor, coordinate, and assist in developing technology budget. May direct and monitor technical support activities related to said activities.

• May review and recommend personnel actions in areas of performance, evaluation, training, selection and disciplinary measures. Ensure that appropriate policies and procedures are followed by subordinates. May supervise, provide guidance for and participate in the work of subordinates. May supervise and coordinate the analysis, planning, installation, integration, maintenance, customization and enhancement of hardware and software for complex large systems or networks.

• May include additional duties as assigned by the Airport's CIO and CISO.

• Perform other functions outlined in the 1044 IS-Engineer Principal (https://careers.sf.gov/classifications/?classCode=1044&setId=COMMN) job classification

Education: An associate degree in computer science, computer engineering, software engineering, or a closely related field from an accredited college or OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely-related field].

Experience: Five (5) years of recent and verifiable experience analyzing, installing, configuring, enhancing, and/or maintaining cyber security controls across an enterprise network.

Note: One-year full-time employment is equivalent to 2000 hours (2000 hours of qualifying work experience is based on a 40 hours work week.)  Any overtime hours that you work above forty (40) hours per week are not included in the calculation to determine full-time employment.

Note: Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.

Desirable Qualifications:

The stated desirable qualifications may be considered at the end of the selection process when candidates are referred for hiring.

• Four (4) years of verifiable cybersecurity experience working in an airport environment or similar experience within the DHS Transportation Systems Sector.

• Three (3) years of verifiable cybersecurity experience managing and maintaining satisfactory compliance against the PCI Data Security Standard.

• Two (2) years of verifiable cybersecurity experience managing Palo Alto Networks firewalls or similar next-generation devices capable of deep packet inspection.

• Two (2) years of verifiable cybersecurity experience managing a successful vulnerability management program using CrowdStrike, Tenable or similar.

• Two (2) years of verifiable cybersecurity experience implementing, troubleshooting and supporting network segmentation strategies for Linux and Microsoft Windows endpoints across Juniper network switches and routers or similar enterprise class networking infrastructure.

• One or more of the following certifications:

• Certified Information Systems Security Professional (CISSP) by the International Information System Security Certification Consortium, also known as (ISC)², or associate CISSP certification.

• Certification as Payment Card Industry Internal Security Assessor (ISA) or Qualified Security Assessor (QSA) by the Payment Card Industry (PCI) Security Standards Council (SSC).

• SANS Cybersecurity certifications in GIAC (Global Information Assurance Certification), GICSP (Cybersecurity of Industrial Control Systems), Certified Ethical Hacker (CEH) Certification from the International Council of Electronic Commerce Consultants (EC-Council), or other SANS certifications based on similar cyber-security knowledge and experienced.

• Citizen of the United States, Canada, United Kingdom, Australia, or New Zealand.

Verification:

Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at https://sfdhr.org/how-verify-education-requirements.

All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline.

Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications.

Resumes will not be accepted in lieu of a completed City and County of San Francisco application. 

Applications completed improperly may be cause for ineligibility, disqualification or may lead to lower scores.

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

Transportation (TSA) Security Clearance: Candidates for employment with the San Francisco Airport Commission are required to undergo a criminal history record check, including FBI fingerprints, and Security Threat Assessment to determine eligibility for security clearance and may be required to undergo drug/alcohol screening. Per Civil Service Commission Rule Section 110.9.1, every applicant for an examination must possess and maintain the qualifications required by law and by the examination announcement for the examination. Failure to obtain and maintain security clearance may be the basis for termination of employment with the Airport Commission.

Additional Information Regarding Employment with the City and County of San Francisco:

• Information About the Hiring Process (https://careers.sf.gov/knowledge/process/)  

• Conviction History (https://careers.sf.gov/knowledge/conviction-history/)  

• Employee Benefits Overview  (https://careers.sf.gov/benefits/)   

• Equal Employment Opportunity (https://www.sf.gov/what-equal-employment-opportunity-and-how-file-claim)   

• Disaster Service Worker (https://sfdhr.org/disaster-service-workers)  

• ADA Accommodation (https://sfdhr.org/information-about-hiring-process#applicantswithdisabilities)  

• Veterans Preference (https://sfdhr.org/recruitment-details#veteranspreference)  

• Seniority Credit in Promotional Exams (https://sfdhr.org/recruitment-details#senioritycredit)  

• Right to Work (https://sfdhr.org/recruitment-details#identification)  

• Copies of Application Documents (https://sfdhr.org/recruitment-details#copies)  

• Diversity Statement (https://sfdhr.org/recruitment-details#diversitystatement)  

HOW TO APPLY

Applications for City and County of San Francisco jobs are only accepted through an online process. Visit https://careers.smartrecruiters.com/CityAndCountyOfSanFrancisco1/ and begin the application process.

• Select the “I’m Interested” button and follow instructions on the screen.

Applicants may be contacted by email about this recruitment and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com, @sfpl.org, @dcyf.org, @first5sf.org, @famsf.org, @ccsf.edu, @smartalerts.info, and @smartrecruiters.com).

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

Recruitment Analyst Information: If you have any questions regarding this recruitment or application process, please contact the analyst Yevette Ivy Solmoro at yevetteivy.sugabosol@flysfo.com.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.