Cyber Defense Operations Engineer - Department of Technology (1042)

Company Description

Are you ready to make an impact in one of the most innovative cities? The Department of Technology (DT) is looking for passionate IT professionals to help shape the future of technology in San Francisco! As the centralized technology services provider for the City and County of San Francisco (CCSF), DT delivers critical infrastructure and services to over 33,000 employees—supporting public safety, municipal broadband, cybersecurity, cloud solutions, and more! With a $140M+ annual budget and a team of 300+ experts, DT is leading the charge in digital transformation. DT provides services through our core areas of IT Excellence:

• IT Project Management Office
• Enterprise Application Services
• Cloud Center of Excellence
• IT Operations and Support including the Service Desk and NOC
• City Infrastructure including the Network, Telcom and Data Centers
• Office of Cybersecurity including Cyber Defense, Identity Management and Disaster Recovery
• Public Safety Systems and Municipal Broadband Fiber
• SFGovTV Broadcasting Services
• IT Finance and Administration Services
• Emerging Technologies

Why Join Us?  Innovative & Impactful Work At DT, you won’t just work on IT—you’ll power a city. Your expertise will directly impact the residents of San Francisco, from closing the digital divide to ensuring secure, efficient city operations.

Benefits of Working for CCSF:  In addition to challenging and rewarding work, the City provides a generous suite of benefits to its employees.

• Competitive pay, benefits, and retirement options

• Career growth opportunities through training, internal mobility, and subsidized education

• Diverse work environment in a diverse city

• The Department has a hybrid work schedule

Join the team that’s shaping the future of technology in San Francisco. Apply today and be part of a dynamic, innovative, and mission-driven IT team!

Job Description

The Cyber Defense Infrastructure Enhancement project is a multi-year initiative designed to modernize and strengthen the City and County of San Francisco’s (CCSF) cybersecurity posture. This project involves replacing outdated monitoring tools with advanced technologies and deploying cyber defense capabilities across both CCSF-connected networks and independently managed environments. These efforts are vital to maintaining real-time visibility, securing sensitive data, and supporting uninterrupted service delivery across city departments.

The Cyber Defense Operations Engineer is critical to protecting the integrity and availability of CCSF's Cyber Defense Operations infrastructure and the data environments that support essential citywide services. The selected candidate will be responsible for proactively monitoring security systems, identifying potential threats, and assisting in the investigation and resolution of security incidents.

The ideal candidate will bring a strong background in IT security, demonstrate hands-on experience with cybersecurity tools and platforms, and be capable of working effectively in a fast-paced environment with minimal supervision. Their expertise will be instrumental in supporting the successful execution of this project and advancing CCSF’s

The Cyber Defense Operations Engineer will perform technical and analytical tasks that contribute to both daily security operations and long-term strategic goals. The role focuses on assisting with incident response, root cause analysis, vulnerability assessments, security audits, tool support, and threat hunting. It also involves maintaining documentation, tracking key metrics, and contributing to continuous improvement efforts. The position requires collaboration with senior engineers and cross-functional teams, and includes an expectation of ongoing professional development in cybersecurity best practices.

Essential duties include, but are not limited to, the following:

1. Assist in Root Cause Analysis: Collaborate with senior team members to identify the underlying causes of security incidents and contribute to continuous improvement efforts to prevent recurrence.
2. Conduct Routine Security Audits: Support regular security audits to assess the effectiveness of existing security controls, identify potential gaps, and ensure compliance with internal policies and external regulations.
3. Support Penetration Testing: Assist in the preparation and execution of penetration tests or vulnerability assessments to identify security weaknesses in systems and applications.
4. Monitor and Report on Security Metrics: Regularly track and report on key security performance indicators (KPIs) to support the continuous improvement of security measures and response processes. Document incidents, configurations, and processes for use in audits and incident post-mortems. Generate routine security reports, assist in tracking security metrics, and identify areas for improvement.
5. Security Tool Configuration and Maintenance: Help configure, maintain, and troubleshoot security tools, including antivirus software, firewalls, and endpoint protection platforms. Assist in ensuring that security configurations are up-to-date and functioning properly. Help with research and analysis of emerging threats and provide basic recommendations for mitigation.
6. Engage in Threat Hunting Activities: Participate in proactive threat-hunting efforts to detect and mitigate potential risks before they manifest as security incidents.
7. Vulnerability Management: Assist in scanning systems and networks for vulnerabilities using tools like Tanium and support remediation efforts. Help track and report on vulnerabilities, patches, and updates to ensure systems are secure.
8. Collaboration and Team Support: Work closely with senior engineers and other team members to learn about incident handling, security technologies, and best practices. Participate in regular team meetings and on-call rotations as necessary.
9. Learning and Development: Continuously improve technical knowledge and skills through hands-on experience, training, and certifications. Stay up to date with the latest cybersecurity threats and trends through self-study and external resources.

Appointment Type

Permanent Exempt (PEX), Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is thirty-six (36) months and will not result in an eligible list or permanent civil service hiring. Project-based positions cannot be ongoing or exceed 36 months.

Work Location

Incumbent will conduct the majority of work at the Department of Technology, (1 S Van Ness, Ave San Francisco, CA 94103).  However, there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary.

Nature of Work

The Department has a hybrid work schedule. Traveling within San Francisco may be required.

Incumbent may be required to provide 24-hour on-call support to ensure rapid recovery from software or hardware problems for mission-critical systems and networks.

Qualifications

MINIMUM QUALIFICATIONS

Experience: One (1) year of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of an enterprise network.

Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units/r forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.

Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.

DESIRABLE QUALIFICATIONS:

• 3 yrs. experience with Vulnerability Management and Scanning Tools such as Tenable Nessus Security Center, Rapid7 Nexpose, Qualys, etc.
• 3 yrs. Experience with OS (Linux, Unix, Windows, Mac OSX) and Windows Services (Active Directory, LDAP, etc.)
• 3 yrs. experience with management of common enterprise grade IT and Security technologies from major vendors (IBM, Cisco, Juniper, Symantec, Palo Alto, FireEye, HP, Microsoft, etc.)
• CompTIA Security + Certification
• 3 yrs. experience with email security tools
• 3 yrs. experience in coding using APIs, Python and other coding languages.

Verification: Applicants may be required to submit verification of qualifying education and experience at any point in the application and/or departmental selection process. Written verification (proof) of qualifying experience must verify that the applicant meets the minimum qualifications stated on the announcement. Written verification must be submitted on employer’s official letterhead, specifying name of employee, dates of employment, types of employment (part-time/full-time), job title(s), description of duties performed, and the verification must be signed by the employer. City employees will receive credit for the duties of the class to which they are appointed. Credit for experience obtained outside of the employee’s class will be allowed only if recorded in accordance with the provisions of the Civil Service Commission Rules. Experience claimed in self-employment must be supported by documents verifying income, earnings, business license and experience comparable to the minimum qualifications of the position. Copies of income tax papers or other documents listing occupations and total earnings must be submitted. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at http://sfdhr.org/index.aspx?page=456.

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

Additional Information

Compensation: $66.6750 - $83.8625 (hourly) /$138,684- $174,434 (annually) 

How to Apply: Applicants are encouraged to apply immediately as this recruitment may close at any time, but not before 11:59PM, Friday, August 29, 2025.

• Your application MUST include a resume.  To upload, please attach using the "additional attachments" function.
• You may contact Melanie S. Bautista via e-mail at melanie.sotto@sfgov.org with questions regarding this opportunity.
• Late or incomplete submissions will not be considered. Mailed, hand delivered or faxed documents/applications will not be accepted.

Additional Information Regarding Employment with the City and County of San Francisco:

• Information About the Hiring Process
• Conviction History
• Employee Benefits Overview
• Equal Employment Opportunity
• Disaster Service Worker
• ADA Accommodation
• Right to Work
• Copies of Application Documents
• Diversity Statement

All your information will be kept confidential according to EEO guidelines.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.