Principal Cybersecurity Engineer

Website: https://twitter.com/flysfo

San Francisco International Airport (SFO)

Looking for a cybersecurity role where your work truly matters? Look no further – San Francisco International Airport (SFO) is seeking a Principal Cybersecurity Engineer.

Under the direction of the Director, Cybersecurity and Compliance, the Principal Cybersecurity Engineer analyzes, plans, designs, implements, maintains, troubleshoots, and enhances the confidentiality, integrity, and availability of large complex systems and networks. This position contributes to the overall security of Airport information assets and technologies through the creation and ongoing support of preventative, detective, and corrective controls. The Principal Cybersecurity Engineer identifies, refines, and analyzes cybersecurity data across a wide variety of sources to report against agreed-upon key performance indicators measuring the efficacy of these controls. This position works closely with the Airport’s operations and engineering teams to remediate cybersecurity issues and concerns.

Apply now at: https://careers.sf.gov/l?go=C1dJOIxY

You are excited about this opportunity because you will:

– Serve as a primary subject matter expert for information security and cyber-security for SFO: maintain skills and expertise within areas of cybersecurity and information security for ICT and ICS environments. Contribute to requirements definitions on SFO initiatives and projects, including analysis of risks aligned with IT and OT reference architecture and standards.
– Work with clients to identify business and technical cybersecurity requirements. Determine cybersecurity requirements for the development or enhancement of large complex systems and networks that comprise the backbone of the Airport’s information technology and infrastructure; determine the suitability of existing solutions to meet these requirements. Lead the design, implementation, and monitoring of all remote-access mechanisms associated with Airport information assets.
– Assess the effectiveness of existing processes, procedures, controls, and safeguards to prevent cyber-security breaches across SFO’s infrastructure. Facilitate a consistent and positive security posture across multiple independent information systems throughout SFO. Assess and provide recommended cloud security controls to facilitate security of SFO cloud presence, including adequate accounting of data access controls. Identify and remediate threats and vulnerabilities to these assets.
– Maintain and continually improve SFO’s vulnerability management program, including but not limited to patch management, vulnerability scanning, and reporting monthly status on the program’s effectiveness. Recommend and implement new or revised security measures based on risk analysis for purposes of protecting SFO information systems and resources, performing periodic analysis of security measure effectiveness, and documenting deviations from intended mitigation.
– Identify and respond to cybersecurity threats and incidents as directed by the Cybersecurity and Compliance Director. Provide technical expertise to enable the Airport’s ability to identify and remediate exploitable cyber-related vulnerabilities present within SFO’s infrastructure, including the ability to detect and block emerging cyberattacks as they occur. Review cybersecurity vulnerabilities, advisories, and alerts from a variety of sources; determine applicability to Airport information systems and data; assess the potential impact on Airport operations; and coordinate follow-up activities based on the severity and exploitability of these vulnerabilities. Provide the technical expertise to enable the Airport’s ability to respond to cyber-related issues in accordance with digital forensic and incident response guidelines established by US-CERT and the U.S. Department of Justice.
– Lead the design, implementation, and monitoring of technical controls related to information security across all Airport divisions. Collaborate with engineering peers to analyze, detect, identify, and correct cybersecurity issues within Airport information systems; troubleshoot issues of high complexity and scope. Be responsible for planning, direction and oversight on multiple cyber security projects and initiatives. Direct projects to successfully meet schedule, budget, and scope.
– Direct and coordinate cybersecurity reviews of software architecture, programs, and code that is developed for and deployed within Airport information systems, including the implementation and testing of remediation activity arising from cybersecurity assessments and audits. Administer penetration testing of SFO networks and systems. Ensure that remediation of infractions resulting from annual pen tests is properly documented and corrected in a timely fashion. Direct the coordination and implementation of corrective measures while adhering to change control policies and practices; this may involve site visits, telephone assistance, remote systems or network management, and participation in technical committees.
– Liaise with other Airport sections and City departments and maintain cooperative relationships with vendors, contractors, and other agencies. Facilitate communication between SFO and federal agencies in matters related to information security and cyber-security as directed by the Cybersecurity and Compliance Director.
– Prepare documentation related to cybersecurity standards, specifications, and procedures, including troubleshooting techniques related to system and network software and hardware; develop and review documentation prior to general distribution. Demonstrate and provide training on cybersecurity technologies and systems to both IS and non-IS professionals including demonstration and training of staff in the use of new hardware or software products. Collaborate with vendors, technical support hot-lines, and other sections, divisions, and departments to resolve complex systems or network problems.
– Design, plan, integrate, test, implement, document, and enhance the physical and logical controls used to protect the confidentiality, integrity, and availability of Airport information systems and data, including, but not limited to, SAML, public key encryption, secret key encryption, SSH, SSL, and multi-factor authentication. Configure, maintain, and install security products and applications including, but not limited to: Tenable Nessus and Tenable Security Center, Crowdstrike MDR/EDR, and “next-generation” firewalls. Monitor network performance and capacity using management tools such as Splunk or SolarWinds. Perform and utilize protocol captures and decodes using commercial and open-source tools such as Wireshark and next-generation firewalls.

 

How to Qualify

Education: An associate degree in computer science, computer engineering, software engineering, or a closely related field from an accredited college or university or its equivalent in terms of total course credits/units. [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely related field].

AND

Experience: Five (5) years of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of an enterprise network.

License and Certification:

Desirable Qualifications:

– Two (2) or more years of experience maintaining satisfactory attestation against one or more Cardholder Data Environments subject to the Payment Card Industry Data Security Standard (PCI-DSS).
– Two (2) or more years of operational experience managing a cybersecurity vulnerability management program, using cyber-security tools such as Tenable Nessus, Tenable Security Center and the Crowdstrike EDR/MDR platform in an airport environment or a similar large, regulated, complex multi-tenant environment.
– Two (2) or more years of experience working with business and technical stakeholders creating accurate network and data-flow diagrams from which accurate firewall policy can be established.
– Two (2) or more years of experience contributing to the success of large, complex, multi-year IT cyber-security projects and initiatives within a large federal, state, or municipal government department.
– (ISC)² certification or associate certification as Certified Information Systems Security Professional (CISSP) by the International Information System Security Certification Consortium, also known as (ISC)².
– Ability to obtain National Security Clearance.
