Cyber Defense Operations Engineer - Department of Technology (1042)
Job Description
Position Overview
The Cyber Defense Infrastructure Enhancement project is a multi-year initiative designed to modernize and strengthen the cybersecurity posture of the City and County of San Francisco (CCSF). The project replaces outdated monitoring tools with advanced technologies and deploys cyber defense capabilities across CCSF-connected networks and independently managed environments, ensuring real-time visibility and data security for essential city services.
As the Cyber Defense Operations Engineer, you will protect the integrity and availability of CCSF's Cyber Defense Operations infrastructure by monitoring security systems, identifying potential threats, and assisting in incident investigation and resolution. This role is critical in supporting CCSF's mission to secure sensitive data and maintain uninterrupted service delivery.
Appointment Type: Permanent Exempt (PEX), Full Time. This position is project-based; the project duration is 36 months.
Work Location: Department of Technology, 1 S Van Ness Ave, San Francisco, CA 94103, with potential travel as required.
Nature of Work: Hybrid work schedule with possible 24-hour on-call support for mission-critical systems.
Key Responsibilities
- Assist in Root Cause Analysis by collaborating with senior team members to identify the causes of security incidents and implement improvements to prevent recurrence.
- Conduct routine Security Audits to assess existing security controls, identify potential gaps, and ensure compliance with internal policies and external regulations.
- Support penetration testing and vulnerability assessments to identify weaknesses in systems and applications.
- Monitor and report on key security metrics by documenting incidents, configurations, and processes, and generating routine security reports.
- Configure, maintain, and troubleshoot security tools, including antivirus software, firewalls, and endpoint protection platforms, ensuring up-to-date protection.
- Engage in proactive threat hunting activities to detect and mitigate potential risks before they affect systems.
- Assist in vulnerability management by scanning systems and networks, supporting remediation efforts, and tracking patches and updates.
- Collaborate with senior engineers and participate in team meetings and on-call rotations to enhance incident handling and security practices.
- Commit to continuous learning and professional development through hands-on experience, training, and certifications on the latest cybersecurity trends.