Cyber Defense Data Engineer I - Department of Technology (1041)

City and County of San Francisco
4 months ago
San Francisco, California
Hybrid
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

The Office of Cyber Security (OCS) is the centralized cyber security provider within San Francisco City & County government, delivering cyber guidance and services to approximately 28,000 employees and 800,000 citizens. Core service areas include Business Continuity Planning and Disaster Recovery Planning, Identity and Access Management (IAM), Centralized Security Information and Event Management (SIEM), and Vulnerability Management.

Cyber Defense Engineers will work closely with OCS and Cyber Defense Operation staff to resolve incidents and determine the root cause of security events. This role is critical for the Incident Response and Threat Intelligence teams. This is a Permanent Exempt, Full-Time position with a 40-hour week. The primary work location is the Department of Technology, One South Van Ness Avenue, 2nd Floor, with the expectation to work two days in the office every two weeks and occasional assignments at other sites as needed.

Key Responsibilities

  • Identify log sources required for sufficient visibility into security events.
  • Work with City Departments to collect the identified logs.
  • Perform ETL functions necessary for consumption of the logs into the SIEM.
  • Tune SIEM filters and correlations to continuously improve monitoring.
  • Participate in security incident handling efforts and coordinate with stakeholders.
  • Ensure that Service Level Agreements are met.
  • Maintain standard operating procedures, processes, and guidelines.
  • Automate security analysis, administration, and remediation procedures, workflows, and tasks.
  • Stay aware of trends in security regulatory, technology, and operational requirements.
  • Participate in audits.
  • Provide 24-hour on-call support to ensure rapid recovery from software or hardware issues for mission-critical systems and networks.

Required Skills

  • business continuity planning
  • cyber security
  • log collection
  • incident response
  • automation
  • threat intelligence
  • disaster recovery planning
  • SIEM tuning
  • data engineering
  • ETL
  • vulnerability management