Cyber Defense Response Engineer I


The Office of Cyber Security is the central cyber security governing body within San Francisco City & County government, delivering cyber security related technology, services, and policies. We protect and guide approximately 50 city departments, such as City Controller, Fire and Police Departments, and Board of Supervisors to name a few.

  • Core Service: Endpoint Protection and Management, Cyber Incident Response and Threat Intelligence, Data Logging and Security, Identity and Access Management, Disaster Recovery and Planning, Vendor Security Assessments, Cyber Security Architecture and Review, Cyber Security Training, Email Security

Cyber Defense Engineers will be part of the Cyber Defense Operations Team of the Office of Cyber Security. They will be work closely with members of the NOC and Help Desk staff of the Department of Technology, as well as the other Cyber Security teams of the approximately 50 different departments in their day-to-day efforts. Additionally, they will work with ad hoc teams to resolve incidents and determine root cause for security events. They are critical members of the Incident Response and Threat Intelligence teams.



Under the direction of Cyber Security Defense Operations Manager, you will

  • Detection, monitoring, analysis, resolution of security incidents, participate in providing containment recommendation.
  • Coordinate escalations to internal support teams to ensure timely delivery of incident resolutions.
  • Perform network/system/application/log intrusion detection analysis and trending.
  • Perform tuning of the SIEM filters and correlations to continuously improve monitoring.
  • Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders.
  • Ensure that Service Level Agreements are met.
  • Maintain standard operating procedures, processes, and guidelines.
  • Automate security analysis, administration and remediation procedures, workflows and tasks.
  • Maintain awareness of trends in security regulatory, technology, and operational requirements.
  • Provide 24-hour on-call support to ensure rapid recovery from software or hardware problems for mission-critical systems and networks.



An associate degree in computer science, or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in computer science or a closely-related field].


Experience in analyzing, installing, configuring, enhancing and/or maintaining the components of an enterprise network may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units/ forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in computer science or a closely related field.

Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.

Desirable Qualifications:

  • IT certifications
  • Network +
  • Security +
  • CEH
  • Experience with Tools Below
  • Endpoint Security
  • SIEM
  • SOAR/Case Management Tools
  • Email Security
  • Coding Experience



Why Work for the Department of Technology (DT)? The Department of Technology (DT) is the centralized technology services provider in CCSF. We deliver technology infrastructure and services to approximately 33,000 employees! With an annual operating budget of over $140M and approximately 260 employees, DT provides a host of services that includes:

People-Centered Solutions: Working for San Francisco, you can have a powerful, meaningful effect on the community every day. When we solve problems, people are the heart of every solution!

Benefits of Working for CCSF:  In addition to challenging and rewarding work, the City provides a generous suite of benefits to its employees.

  • Job security, pension, and robust retirement options
  • Competitive pay with consistent bi-yearly or yearly increases
  • Generous paid time off, family leave, and more!
  • Diverse work environment in a diverse city
  • Union protections and representation
  • Career development and growth — move between departments, learn on the job, or take subsidized/reimbursed classes!

CLOSING THE DIGITAL DIVIDE — bring the benefits of the internet to low-income and marginalized residents!

SHINE A LIGHT ON WHAT MATTERS — join an award-winning production team at SFGovTV to help residents watch legislators or learn more about what makes this City great!

DRIVE INNOVATION — deliver new, cutting-edge technology to residents and city partners to help San Francisco serve its residents!