Cyber Defense Data Engineer I


The Office of Cyber Security (OCS) is the centralized cyber security provider within San Francisco City & County government, delivering cyber guidance and services to approximately 28,000 employees and 800,000 citizens.  Core service areas include Business Continuity Planning and Disaster Recovery Planning, Identity and Access Management (IAM), Centralized Security Information and Event Management (SIEM), and Vulnerability Management. 

Cyber Defense Engineers will work closely with members of the OCS and Cyber Defense Operation (CDOT) staff in their day-to-day efforts. Additionally, they will work with ad hoc teams to resolve incidents and determine root cause for security events. They are critical members of the Incident Response and Threat Intelligence teams.



Essential Duties:

Under the direction of Cyber Security Defense Operations Manager, you will

  • Identify log sources required for sufficient visibility into security events
  • Work with City Departments to collect the identified logs
  • Perform ETL functions necessary for consumption of the logs into the SEIM.
  • Perform tuning of the SIEM filters and correlations to continuously improve monitoring.
  • Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders.
  • Ensure that Service Level Agreements are met.
  • Maintain standard operating procedures, processes, and guidelines.
  • Automate security analysis, administration and remediation procedures, workflows and tasks.
  • Maintain awareness of trends in security regulatory, technology, and operational requirements.
  • Participate in audits.
  • Provide 24-hour on-call support to ensure rapid recovery from software or hardware problems for mission-critical systems and networks.



An associate degree in computer science, or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in computer science or a closely-related field].


Experience in analyzing, installing, configuring, enhancing and/or maintaining the components of an enterprise network may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units/ forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in computer science or a closely related field.

Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.

Desirable Qualifications:

  • 2 yrs. experience with Vulnerability Management and Scanning Tools such as Tenable Nessus Security Center, Rapid7 Nexpose, Qualys, etc.
  • 2 yrs. Experience with OS (Linux, Unix, Windows, Mac OSX) and Windows Services (Active Directory, LDAP, etc.)
  • 2 yrs. experience with management of common enterprise grade IT and Security technologies from major vendors (IBM, Cisco, Juniper, Symantec, Palo Alto, FireEye, HP, Microsoft, etc.)
  • Security +
  • 2 yrs. experience with email security tools




Why Work for the Department of Technology (DT)? The Department of Technology (DT) is the centralized technology services provider in CCSF. We deliver technology infrastructure and services to approximately 33,000 employees! With an annual operating budget of over $140M and approximately 260 employees, DT provides a host of services that includes:

People-Centered Solutions: Working for San Francisco, you can have a powerful, meaningful effect on the community every day. When we solve problems, people are the heart of every solution!

Benefits of Working for CCSF:  In addition to challenging and rewarding work, the City provides a generous suite of benefits to its employees.

  • Job security, pension, and robust retirement options
  • Competitive pay with consistent bi-yearly or yearly increases
  • Generous paid time off, family leave, and more!
  • Diverse work environment in a diverse city
  • Union protections and representation
  • Career development and growth — move between departments, learn on the job, or take subsidized/reimbursed classes!

CLOSING THE DIGITAL DIVIDE — bring the benefits of the internet to low-income and marginalized residents!

SHINE A LIGHT ON WHAT MATTERS — join an award-winning production team at SFGovTV to help residents watch legislators or learn more about what makes this City great!

DRIVE INNOVATION — deliver new, cutting-edge technology to residents and city partners to help San Francisco serve its residents!