Technology Expert I - Principal Cyber Security Engineer - SFO (9976)

City and County of San Francisco
10 months ago
San Francisco, California, United States
On-site
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

Appointment Type: Permanent-Exempt. This role is exempt from Civil Service Commission rules pursuant to the City and County of San Francisco Charter Section 10.104, and incumbents serve at the discretion of the Appointing Officer.

Under the direction of the Acting Chief Information Security Officer (CISO), the 9976 Principal Cyber Security Engineer will play a critical role in developing, implementing, and maintaining effective cybersecurity strategies and infrastructures to protect SFO’s critical systems, networks, and sensitive data. The position’s primary focus is to strengthen SFO’s information security posture in response to emerging, sophisticated cyber threats while ensuring the integrity, availability, and confidentiality of ICT, ICS, and electronic data resources.

Key Responsibilities

  • Serve as the primary subject matter expert for information security and cybersecurity for SFO, maintaining cutting-edge skills in both ICT and ICS environments.
  • Liaise with other Airport sections, City departments, vendors, contractors, and agencies to address information security and cybersecurity matters.
  • Recommend and implement new or revised security measures based on risk analysis to protect SFO information systems and resources, including documenting deviations from intended mitigations.
  • Maintain and enhance SFO’s vulnerability management program, including patch management, vulnerability scanning, and monthly effectiveness reporting.
  • Develop, maintain, and oversee an agile software development lifecycle process for SFO development teams, ensuring remediation actions effectively mitigate risks.
  • Engage in requirements definitions for IT initiatives and projects, analyzing risks in alignment with SFO IT and architecture standards.
  • Assess and recommend cloud security controls to ensure adequate data access and protection for SFO’s cloud presence.
  • Plan, direct, and provide oversight on multiple cybersecurity projects and initiatives.
  • Facilitate a consistent and positive security posture across multiple, independent information systems within SFO.
  • Identify and manage cybersecurity threats and incidents as directed by the Chief Information Officer and CISO.
  • Assess the effectiveness of existing processes, procedures, controls, and safeguards to prevent cybersecurity breaches across SFO’s infrastructure.
  • Provide technical expertise to identify and remediate exploitable cyber-related vulnerabilities, including detecting and blocking emerging cyberattacks.
  • Offer technical direction to ensure SFO can respond to cyber-related issues in accordance with digital forensic and incident response guidelines established by US-CERT and the U.S. Department of Justice.
  • Lead the design, implementation, and monitoring of technical controls related to information security across all Airport divisions.
  • Oversee annual penetration testing of SFO networks and systems, ensuring timely remediation and proper documentation of any security infractions.
  • Direct the design, implementation, and monitoring of all remote-access mechanisms associated with Airport information assets, identifying and mitigating threats and vulnerabilities.
  • Serve as the primary liaison with Airport subcontractors regarding cybersecurity issues and concerns.
  • Provide strategic direction and oversight in the field of information security and forensics as directed by the CISO.
  • Facilitate communication between SFO and federal agencies—including ICS-CERT, US-CERT, MS-ISAC, FBI, United States Secret Service, and the Electronic Crimes Task Force—on information security matters.
  • Offer technical oversight for Airport-managed information systems subject to the Federal Criminal Justice Information Systems (CJIS) Security Policy, in accordance with the MOU between the San Francisco Airport Commission and the San Francisco Police Department.
  • Oversee the design, implementation, and monitoring of remote-access mechanisms associated with Airport information assets.
  • Perform additional duties as assigned.

Required Skills

Incident Response
Cloud Security
Risk Analysis
Penetration Testing
Digital Forensics
Technical Leadership
Security Policy Development
ICS/ICT Security
Cybersecurity Strategy
Vulnerability Management