Cyber Defense Data Engineer I - Department of Technology (1041)

Career Opportunity

Cyber Defense Data Engineer I - Department of Technology (1041)

Recruitment: RTF0129587-01151666

Published: May 11, 2023

Contact:

Carol Wong - carol.x.wong@sfgov.org

Apply using SmartRecruiters, the City and County of San Francisco's application portal Learn More

Department: Technology
Job class: 1041-IS Engineer-Assistant
Salary range: $119,158.00 - $149,890.00
Role type: Permanent Exempt What does this mean?
Hours: Full-time

About:

This announcement has been updated to adjust the Company Description.

Why Work for the Department of Technology (DT)? DT is the centralized technology services provider in the City and County of San Francisco (CCSF). We deliver technology infrastructure and services to approximately 33,000 employees! With an annual operating budget of over $140M and approximately 260 employees, DT provides a host of services that range from Public Safety radio and wiring and Network services to Enterprise Support and the Cloud.

Benefits of Working for CCSF: In addition to challenging and rewarding work, the City provides a generous suite of benefits to its employees.

Job security, pension, and robust retirement options
Competitive pay with consistent bi-yearly or yearly increases
Hybrid Work with a minimum of 20% of time spent in our office in San Francisco, California for all IT related roles
Generous paid time off, family leave, and more!
Diverse work environment in a diverse city
Union protections and representation
Career development and growth — move between departments, learn on the job, or take subsidized/reimbursed classes!

PEOPLE-CENTERED SOLUTIONS — have a powerful, meaningful effect on the community each day with people at the heart of every solution!

CLOSING THE DIGITAL DIVIDE — bring the benefits of the internet to low-income and marginalized residents!

SHINE A LIGHT ON WHAT MATTERS — join an award-winning production team at SFGovTV to help residents watch legislators or learn more about what makes this City great!

DRIVE INNOVATION — deliver new, cutting-edge technology to residents and city partners to help San Francisco serve its residents!

Role description

The Office of Cyber Security (OCS) is the centralized cyber security provider within San Francisco City & County government, delivering cyber guidance and services to approximately 28,000 employees and 800,000 citizens. Core service areas include Business Continuity Planning and Disaster Recovery Planning, Identity and Access Management (IAM), Centralized Security Information and Event Management (SIEM), and Vulnerability Management.

Cyber Defense Engineers will work closely with members of the OCS and Cyber Defense Operation (CDOT) staff in their day-to-day efforts. Additionally, they will work with ad hoc teams to resolve incidents and determine root cause for security events. They are critical members of the Incident Response and Threat Intelligence teams.

Essential Duties:

Under the direction of Cyber Security Defense Operations Manager, you will

Identify log sources required for sufficient visibility into security events
Work with City Departments to collect the identified logs
Perform ETL functions necessary for consumption of the logs into the SEIM.
Perform tuning of the SIEM filters and correlations to continuously improve monitoring.
Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders.
Ensure that Service Level Agreements are met.
Maintain standard operating procedures, processes, and guidelines.
Automate security analysis, administration and remediation procedures, workflows and tasks.
Maintain awareness of trends in security regulatory, technology, and operational requirements.
Participate in audits.
Provide 24-hour on-call support to ensure rapid recovery from software or hardware problems for mission-critical systems and networks.

Job Type:

The Permanent Exempt - Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is thirty-six (36) months and will not result in an eligible list or permanent civil service hiring.

Nature of Work:

Incumbent must be willing to work a 40-hour week as determined by the department.

Work Location:

Incumbent will conduct the majority of work at the Department of Technology, One South Van Ness Avenue, 2nd Floor. However, there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary. This position is not supporting 100% working remotely that employee needs to work two days in the office every two weeks.

How to qualify

Education:

An associate degree in computer science, or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in computer science or a closely-related field].

Substitution:

Experience in analyzing, installing, configuring, enhancing and/or maintaining the components of an enterprise network may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units/ forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in computer science or a closely related field.

Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.

Desirable Qualifications:

2 yrs. experience with Vulnerability Management and Scanning Tools such as Tenable Nessus Security Center, Rapid7 Nexpose, Qualys, etc.
2 yrs. Experience with OS (Linux, Unix, Windows, Mac OSX) and Windows Services (Active Directory, LDAP, etc.)
2 yrs. experience with management of common enterprise grade IT and Security technologies from major vendors (IBM, Cisco, Juniper, Symantec, Palo Alto, FireEye, HP, Microsoft, etc.)
Security +
2 yrs. experience with email security tools

Note:

1) Security Clearances & Background Investigations: Criminal Justice Information Services (CJIS) Security Clearance may be required. Positions in this classification may require that successful candidates who become eligible for appointment may be required to go through a background investigation to determine the candidate's suitability for employment in this classification. Factors considered in the investigation may include employment history, use of illegal/controlled substances. Reasons for rejection based on this investigation may include, but not limited to applicable convictions, repeated or serious violations of the law, inability to accept supervision, inability to follow rules and regulations, falsification of application materials and/or other relevant factors. Failure to obtain and maintain security clearance may be basis for termination.

Verification: Applicants may be required to submit verification of qualifying education and experience at any point in the application and/or departmental selection process. Written verification (proof) of qualifying experience must verify that the applicant meets the minimum qualifications stated on the announcement. Written verification must be submitted on employer’s official letterhead, specifying name of employee, dates of employment, types of employment (part-time/full-time), job title(s), description of duties performed, and the verification must be signed by the employer. City employees will receive credit for the duties of the class to which they are appointed. Credit for experience obtained outside of the employee’s class will be allowed only if recorded in accordance with the provisions of the Civil Service Commission Rules. Experience claimed in self-employment must be supported by documents verifying income, earnings, business license and experience comparable to the minimum qualifications of the position. Copies of income tax papers or other documents listing occupations and total earnings must be submitted. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at http://sfdhr.org/index.aspx?page=456.

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

What else should I know?

Compensation: $54.6625 - $68.7500 (hourly) / $113,698 - $143,000 (annual)

How to Apply:

Applicants are encouraged to apply immediately as this recruitment may close at any time, but not before December 29, 2022 at 11:59PM.
Important:
- Your application MUST include a resume. To upload, please attach using the "additional attachments" function.

You may contact Carol Wong via email at carol.x.wong@sfgov.org with questions regarding this opportunity.

Late or incomplete submissions will not be considered. Mailed, hand delivered or faxed documents/applications will not be accepted.

Right to Work:

All persons entering the City and County of San Francisco workforce are required to provide verification of authorization to work in the United States.

Helpful Information

All your information will be kept confidential according to EEO guidelines.

CONDITION OF EMPLOYMENT: All City and County of San Francisco employees are required to be fully vaccinated against COVID-19 as a condition of employment. Someone is fully vaccinated when 14 days have passed since they received the final dose of a two-shot vaccine or a dose of a one-shot vaccine. Any new hire must present proof of full vaccination status to be appointed. Any new hire who will be routinely assigned or occasionally enter High-Risk Settings, must provide proof of having received a COVID-19 booster vaccine by March 1, 2022, or once eligible.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.