PRINCIPAL CYBERSECURITY ENGINEER

San Francisco International Airport (SFO), an enterprise department of the City and County of San Francisco, has a workforce of approximately 1,900 City employees and is committed to being a diverse, equitable, and inclusive employer.

SFO is more than an airport—we are a dynamic organization where employees collaborate with a wide range of stakeholders to support global travel, economic development, and public service. We are recognized as a leader in environmental sustainability, equity, and forward-thinking infrastructure, and continue to be at the forefront of transforming the travel experience.

Our mission is to deliver an airport experience where people and our planet come first.

Our Vision, Mission, and Core Values shape our culture and operations as we continue to build a supportive, purpose-driven workplace where all employees can thrive.

Learn more about careers at SFO at flysfo.com, and follow us on Facebook, Instagram, YouTube, LinkedIn, Bluesky and Threads.

APPOINTMENT TYPE: Permanent Exempt. This position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the Appointing Officer.

Specific information regarding this recruitment and position are listed below:

• Application Opened: Monday, October 6, 2025
• Application Deadline: Thursday, October 16, 2025
• Compensation: $165,334 to $207,974 Annually
• Work Schedule: Full-time, 40 hours per week.
• Work Location: San Francisco International Airport –ITT Division
• Recruitment ID: RTF0160107- 160108

Under the direction of the Director, Cybersecurity and Compliance, the Principal Cybersecurity Engineer analyzes, plans, designs, implements, maintains, troubleshoots, and enhances the confidentiality, integrity, and availability of large complex systems and networks. This position contributes to the overall security of Airport information assets and technologies through the creation and ongoing support of preventative detective and corrective controls.  The Principal Cybersecurity Engineer identifies, refines, and analyzes cybersecurity data across a wide variety of sources to report against agree upon key performance indicators measuring the efficacy of these controls.  This position works closely with Airport's operations and engineering teams to remediate cybersecurity issues and concerns.

You are excited about this opportunity because you will:

1. Serve as a primary subject matter expert for information security and cyber-security for SFO: maintain skills and expertise within areas of cybersecurity and information security for ICT and ICS environments. Contribute to requirements definitions on SFO initiatives and projects, including analysis of risks aligned with IT and OT reference architecture and standards.
2. Work with clients to identify business and technical cybersecurity requirements. Determine cybersecurity requirements for the development or enhancement of large complex systems and networks that comprise the backbone of the Airport's information technology and infrastructure; determine the suitability of existing solutions to meet these requirements. Lead the design, implementation, and monitoring of all remote-access mechanisms associated with Airport information assets.
3. Assess the effectiveness of existing processes, procedures, controls, and safeguards to prevent cyber-security breaches across SFO's infrastructure. Facilitate a consistent and positive security posture across multiple independent information systems throughout SFO. Assess and provide recommended cloud security controls to facilitate security of SFO cloud presence, including adequate accounting of data access controls. Identify and remediate threats and vulnerabilities to these assets.
4. Maintain and continually improve SFO’s vulnerability management program, including but not limited to patch management, vulnerability scanning, and reporting monthly status on the program’s effectiveness. Recommend and implement new or revised security measures based on risk analysis for purposes of protecting SFO information systems and resources, performing periodic analysis of security measure effectiveness, and documenting deviations from intended mitigation.
5. Identify and respond to cybersecurity threats and incidents as directed by the Cybersecurity and Compliance Director. Provide technical expertise to enable the Airport’s ability to identify and remediate exploitable cyber-related vulnerabilities present within the SFO’s infrastructure including the ability to detect and block emerging cyberattacks as they occur. Review cybersecurity vulnerabilities, advisories, and alerts from a variety of sources; determine applicability to Airport information systems and data, assess the potential impact on Airport operations; and coordinate follow-up activities based on the severity and exploitability of these vulnerabilities. Provide the technical expertise to enable the Airport’s ability to respond to cyber-related issues in accordance with digital forensic and incident response guidelines established by US-CERT and the U.S. Department of Justice.
6. Lead the design, implementation, and monitoring of technical controls related to information security across all Airport divisions. Collaborate with engineering peers to analyze, detect, identify, and correct cybersecurity issues within Airport information systems; troubleshoot issues of high complexity and scope.  Be responsible for planning, direction and oversight on multiple cyber security projects and initiatives. Direct projects to successfully meet schedule, budget, and scope.
7. Direct and coordinate cybersecurity reviews of software architecture, programs, and code that is developed for and deployed within Airport information systems, including the implementation, and testing of remediation activity arising from cybersecurity assessments and audits. Administer penetration testing of SFO networks and systems. Ensure that remediation of infractions resulting from annual pen tests are properly documented and corrected in a timely fashion. Direct the coordination and implementation of corrective measures while adhering to change control policies and practices; this may involve site visits, telephone assistance, remote systems or network management, and participation in technical committees.
8. Liaise with other Airport sections and City departments and maintain cooperative relationships with vendors, contractors, and other agencies. Facilitate communication between SFO and federal agencies in matters related to information security and cyber-security as directed by Cybersecurity and Compliance Director.
9. Prepare documentation related to cybersecurity standards, specifications, and procedures, including troubleshooting techniques related to system and network software and hardware; develop and review documentation prior to general distribution. Demonstrate and provide training on cybersecurity technologies and systems to both IS and non-IS professionals including demonstration and training of staff in the use of new hardware or software products. Collaborate with vendors, technical support hot-lines, and other sections, divisions, and departments to resolve complex systems or network problems.
10. Design, plan, integrate, test, implement, document, and enhance the physical and logical controls used to protect the confidentiality, integrity, and availability of Airport information systems and data, including, but not limited to SAML, public key encryption, secret key encryption, SSH, SSL, and multi-factor authentication. Configure, maintain, and install security products and applications including, but not implemented to: Tenable Nessus and Tenable Security Center, Crowdstrike MDR/EDR, and "next-generation" firewalls. Monitor network performance and capacity using management tools such as Splunk or SolarWinds. Perform and utilize protocol captures and decodes using commercial and open-source tools such as Wireshark and next-generation firewalls.

Qualifications

1. Education:

An associate degree in computer science, computer engineering, software engineering, or a closely related field from an accredited college or university or its equivalent in terms of total course credits/units. [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely related field].

AND

1. Experience:

Five (5) years of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of an enterprise network.

License and Certification:

Desirable Qualifications:

• Two (2) or more years of experience maintaining satisfactory attestation against one or more Cardholder Data Environments subject to the Payment Card Industry Data Security Standard (PCI-DSS).
• Two (2) or more years of operational experience managing a cybersecurity vulnerability management program, using cyber-security tools such as Tenable Nessus, Tenable Security Center and the Crowdstrike EDR/MDR platform in an airport environment or a similar large, regulated, complex multi-tenant environment.
• Two (2) or more years of experience working with business and technical stakeholders creating accurate network and data-flow diagrams from which accurate firewall policy can be established.
  Two (2) or more years of experience contributing to the success of large, complex, multi-year IT cyber-security projects and initiatives within a large federal, state, or municipal government department.
• (ISC)² certification or associate certification as Certified Information Systems Security Professional (CISSP) by the International Information System Security Certification Consortium, also known as (ISC)².
• Ability to obtain National Security Clearance.

Every application is reviewed to ensure that you meet the minimum qualifications listed in the job ad. Please review our articles on Employment Application and Minimum Qualifications and Verification of Experience and/or Education for considerations taken when reviewing applications. 

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.  All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications. 

Resumes will not be accepted in lieu of a completed City and County of San Francisco application. 

Applications completed improperly may be cause for ineligibility, disqualification or may lead to lower scores.

Selection Procedures:

The selection process will include evaluation of applications in relation to minimum requirements.  Applicants meeting the minimum qualifications are not guaranteed advancement to the interview.  Depending on the number of applicants, the Department may establish and implement additional screening mechanisms to comparatively evaluate the qualifications of candidates.  If this becomes necessary, only those applicants whose qualifications most closely meet the needs of the Department will be invited for an interview.

Notes: Applicants who meet the minimum qualifications are not guaranteed advancement through all of the steps in the selection procedure.

One-year full-time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40 hour work week). Any overtime hours that you work above 40 hours per week are not included in the calculation to determine full-time employment.

Transportation Security Administration (TSA) Security Clearance:

Candidates for employment with the San Francisco Airport Commission are required to undergo a criminal history record check, including FBI fingerprints, and Security Threat Assessment in order to determine eligibility for security clearance and may be required to undergo drug/alcohol screening. Per Civil Service Commission Rule Section 110.9.1, every applicant for an examination must possess and maintain the qualifications required by law and by the examination announcement for the examination. Failure to obtain and maintain security clearance may be basis for termination from employment with the Airport Commission.

Terms of Announcement and Appeal Rights:

Applicants must be guided solely by the provisions of this announcement, including requirements, time periods and other particulars, except when superseded by federal, state or local laws, rules or regulations. Clerical errors may be corrected by the posting the correction on the Department of Human Resources website at https://careers.sf.gov/.

Additional Information Regarding Employment with the City and County of San Francisco:

• Information About the Hiring Process
• Conviction History
• Employee Benefits Overview  
• Equal Employment Opportunity 
• Disaster Service Worker
• ADA Accommodation
• Right to Work
• Copies of Application Documents
• Diversity Statement

HOW TO APPLY

Applications for City and County of San Francisco jobs are only accepted through an online process. Visit https://careers.smartrecruiters.com/CityAndCountyOfSanFrancisco1/ and begin the application process.

• Select the “I’m Interested” button and follow instructions on the screen

Applicants may be contacted by email about this recruitment and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com, @sfpl.org, @dcyf.org, @first5sf.org, @famsf.org, @ccsf.edu, @smartalerts.info, and @smartrecruiters.com).

Applicants will receive a confirmation email from [email protected] that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

Analyst Information:  If you have any questions regarding this recruitment or application process, please contact the exam analyst, Ronnie Jones at [email protected].

All your information will be kept confidential according to EEO guidelines.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.