Fulltime Information Security Analyst openings in San Francisco Bay Area, United States on September 20, 2022

Cyber Security Analyst at Experfy Inc

Location: San Francisco

In this role, you will focus on developing and executing threat hunting operations to discover adversary activities that are not detected through traditional detection capabilities. You will be able to leverage first class security partners and threat intelligence teams to derive and hunt on known indicators of compromise, as well as developing strategies for discovering new techniques used by adversaries.

For greatest impact, you will develop and automate your hunt methodologies and findings to operationalize the capability across the Security Operations Center (SOC). Extending beyond the traditional blue team role, you will engage red teams and participate in purple team exercises that will build your perspective of the adversarial mindset as well as identify new techniques that need to be hunted. Finally, you will play a critical role in the continuous monitoring and response to major Incidents affecting the enterprise.

Requirements

Key responsibilities:
• Develop, document, and execute threat hunting operations to detect known adversary TTPs.
• Perform threat hunting operations across numerous data sets and security products to identify new and emerging adversary TTPs.
• Build and deploy automation and tools that enable hunting methodologies, investigation techniques, data enrichment, and workflow efficiencies. Operationalize these capabilities across the SOC.
• Document and communicate hunt methodologies and findings. Provide metrics to measure the impact of hunting operations.
• Collaborate with internal security partners, red teams, and threat intelligence teams to identify, prioritize, and research threat actor behaviors.
• Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data
• Provide investigations, response, and root cause analysis to major incidents affecting the enterprise

Qualifications
Basic Qualifications:
• Bachelor’s degree in Computer Science or Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience.
• 3 years of experience in security operations, threat hunting and analysis, and/or incident response
• At least 1 year of experience automating and/or scripting with Python, Jupyter Notebooks, PowerShell, C#, or javascript
• At least 1 year of experience working with SQL-based databases, Kusto, Log Analytics.

Preferred Qualifications:
• Must have strong verbal and written communication skills; ability to communicate effectively to internal and external business partners as well as technical, and non-technical staff
• Demonstrated enthusiasm for learning new things and ability to pick up new ideas quickly
• Participate in current operations shifts, on call rotation, and focus area rotations
• Demonstrated knowledge of common/emerging attacks techniques.
• Experience developing on Azure PaaS technologies such as; Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps
• Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB).
• Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues
• Understanding of common threat analysis model’s such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
• Deep understanding of system internals on MacOS, Windows, and Linux
• Background in malware analysis
• Experience working within a diverse organization to gain support for your ideas; Seeks to leverage work of others to increase effectiveness
• Ability to effectively multi-task and prioritize in a fast-paced environment
• Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations

The ideal candidate will have experience in a team environment, experience in a Security Operations Center or equivalent experience in enterprise scale services and platforms, experience in development of security tools and automated investigations to support hunting operations, technical depth in highly dynamic, complex environment.
Apply Here
For Remote Cyber Security Analyst roles, visit Remote Cyber Security Analyst Roles

********

Security Compliance Analyst at UCSF Medical Center

Location: San Francisco

Job Summary

Experienced professional who knows how to apply theory and put it into practice with in-depth understanding of the professional field; independently performs the full range of responsibilities within the function; possesses broad job knowledge; analyzes problems / issues of diverse scope and determines solutions.

This position will support the incubation of the UCSF School of Medicine (SOM) Research Security Program. Security Presidential Memorandum 33 (NSPM-33) mandates the establishment of research security programs at major institutions awarded federal research funds. UCSF School of Medicine (SOM) is ranked first among US medical schools in NIH dollars awarded and receives over $1 billion in total research funding annually. The SOM Research Security Program will support our ability to conduct mission critical research safely and securely. The program will focus on elements of cyber security, including foreign travel security, insider threat awareness and identification, and, as appropriate, export control training. This position will assist with maturing the existing School of Medicine Data Security Compliance Program to comply with evolving security and compliance policies and regulations, such as NSPM-33. This position will report to the SOM Data Security Compliance Program (DSCP) Manager. This position is expected to support the SOM DSCP manager in executing the vision of the SOM Research Security Program, including but not limited to:
• Developing and maintaining security and compliance program documentation
• Supporting regular security risk assessment and risk management activities
• Facilitating remediation and escalation of identified security risks and vulnerabilities
• Providing security and compliance consultation to SOM faculty, researchers, or staff
• Responding to security questionnaire requests from funders, sponsors, or partner institutions
• Developing, organizing and tracking appropriate security awareness trainings.

2 Year Contract

Department Description

UCSF School of Medicine Technology Services is the research & development group responsible for many innovations within the school, campus, and the medical center. Our group is focused on utilizing newer technologies and practices and how they can be implemented to solve problems. We provide the following services: Advocacy & Security, Design & Solution Discovery, Business Process, and Software Engineering. The team is made of multidisciplinary professionals with diverse background, and leads an Inclusion, Diversity, Equity, and Accessibility (IDEA) program.

Required Qualifications
• Bachelor’s degree in related area and minimum three years of directly related experience and / or equivalent experience / training.
• One (1) or more years’ experience in IT security compliance, technology assurance, risk management, audit, or related discipline.
• Experience creating IT security policies, procedures, audit workpapers, or runbook documentation.
• Ability to follow department processes and procedures.
• Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
• Demonstrated skills applying security controls to computer software and hardware.

Preferred Qualifications
• Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches.
• Knowledge of other areas of IT, department processes and procedures.
• Experience in incident response and digital forensics including data collection, examination, and analysis.
• Demonstrated skill at administering complex security controls and configurations to computer hardware, software, and networks.
• Knowledge of computer hardware, software and network security issues and approaches.

About UCSF

The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world’s leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells.

Pride Values

UCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence – also known as our PRIDE values.

In addition to our PRIDE values, UCSF is committed to equity – both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available at diversity.ucsf.edu

Join us to find a rewarding career contributing to improving healthcare worldwide.

Equal Employment Opportunity

The University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Apply Here
For Remote Security Compliance Analyst roles, visit Remote Security Compliance Analyst Roles

********

Senior Security Engineer at Recruiting from Scratch

Location: San Francisco

Who is Recruiting from Scratch:

Recruiting from Scratch is a premier talent firm that focuses on placing the best product managers, software, and hardware talent at innovative companies. Our team is 100% remote and we work with teams across the United States to help them hire.

About our Client

Join our client in transforming the way remote teams work and communicate. Their AI-powered collaborative note-taking app works across Zoom, Google Meet, and Microsoft Teams to help teams record, transcribe, search and share meeting notes. In addition, we are making virtual meetings accessible to all employees – allowing team members with disabilities to participate in a world that is now dominated by virtual meetings.

With over 10M users experiencing their product, they are making an impact at scale and we are growing fast. The team is made up of top talent from companies like Google, Facebook, Yahoo!, Microsoft, Pinterest, Spotify, and Plaid. They are backed by leading investors that include David Cheriton (Google’s first investor), Tim Draper (Draper Associates), Spectrum Equity, Horizons Ventures, GGV Capital, and Duke University.

Responsibilities
• Work with the team to ensure the security compliances and policies (Soc 2 Type II, GDPR, CCPA)
• Manage vulnerability scans on a regular cadence.
• Perform patch management and harden Linux systems on a regular cadence
• Manage both external, internal, and application penetration tests
• Build out the application security strategy and processes (SDLC, SAST, DAST)
• Maintain our SIEM system and develop log and monitoring systems for our corporate and production environments
• Proactively introduce new controls into the cloud infrastructure
• Report underlying security issues and propose appropriate security controls.
• Design and document security policies for the team
• Build up Cyber Incident Response Processes and Procedures.

Qualifications
• 5+ years of work experience in infrastructure or security engineering
• Bachelor’s in CS or EE
• Experience with production environment on AWS
• Experience working with modern SIEM solutions
• Experience in vulnerability scanning. Familiar with tools/technologies used.
• Expert in networking concepts (firewalls, load balancers, subnetting, etc).
• Familiar with Soc 2 Type II, GDPR, and CCPA
• Practical knowledge of applied cryptography (encryption at rest, TLS, hashing, etc).
• Experience defining secure configuration standards and working with the Engineering team to implement.
• Familiar with Linux systems, networking, and Linux administration

Employee Benefits
• Stock. Be a [literal] stakeholder in our company’s future.
• Food. Enjoy catered meals and boundless snacks.
• Fun. We host team lunches weekly and team events bi-quarterly.
• People. Work with talented, collaborative, and friendly people who love what they do.
• Health and Saving. Receive the benefits of comprehensive health, dental, vision and disability insurance.

Base Salary Range
• 150K-230K
Apply Here
For Remote Senior Security Engineer roles, visit Remote Senior Security Engineer Roles

********

Sr. IT Security Analyst – Security Programs & Policies at Federal Reserve Bank of Richmond in San Francisco, CA at Federal Reserve Bank Richmond

Location: San Francisco

Company Federal Reserve Bank of San FranciscoWhile the SF Fed is a Reserve Bank, we’re not what you might expect. We’re unreserved here. That means we seek new and diverse perspectives. We spark conversations and encourage debate. We build opportunity. We pursue careers that are true to ourselves. We are looking for people who want to help our country reach its full economic potential. When you join the SF Fed, you join a team of people working together to promote an inclusive economy that works for everyone.At our Bank, we have always supported telecommuting, and when we shift from our work from home posture, it will be in a hybrid model, allowing for generous telecommuting options. We know flexibility is very important to our employees, especially now. Right now, we are looking to add an Sr. IT Security Analyst to our Information Security Team. The Federal Reserve has a global mission and offers pioneering work in a stable environment with competitive pay, superior benefits AND a true work life balance. If you desire to be a member of a best-in-class team, and to develop your skills and experience beyond anything available in the commercial sector, the Federal Reserve is the place for you! In this critical role, you will support the management of cyber security programs and policies. You will help strengthen the position of the local Information Security department as a strategic partner to the Bank’s business areas. Additionally, you will make important contributions to our cyber security risk management processes, metrics, reports, and other security awareness and communication tools. Essential
Responsibilities:
Provide Information Security Program and Risk Management support by helping to define key risk indicators, capturing metrics, and analyzing the effectiveness of District and System information security programs and policies. Assist with crafting or adjusting ongoing programs and policies as warranted based on ongoing analysis of effectiveness and internal and external cyber threat landscape and risk posture. Evaluate the effectiveness of awareness and training programs and makes recommendations for improvement. Analyze information security control metrics to demonstrate effectiveness or need for control improvement. Develop regular security briefings and other collateral that communicates cybersecurity and organizational risk to various partners based on analytical viewpoints derived from multiple sources of internal and external security data points. Create, distribute, and update reports on information security service performance to management and information security governance forums. Work with staff from various groups communicating security issues and responding to requests for assistance and information. Promote the maturation of Insider Risk Program including developing and deploying training and awareness campaigns, creating and tracking new metrics and reporting, and completing program administration requirements. Requirement:
Bachelor’s degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or a related field or equivalent experience. Typically requires five or more years of information security related experience in areas such as:
security operations, testing, and/or system or security administration work. Working knowledge of security issues, techniques, and implications across computer platforms. Strong written and verbal communication skills. Strong knowledge of critical security controls (NIST Catalog 800-51?) Working knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve, and prevent violations of IT security, to protect organizational data. Must be a U.S. Citizen. Helpful but not required:
Experience managing cyber security risk in the context of standard enterprise risk management practices. Working knowledge of scripting languages and/or process automation tools and techniques. MS SharePoint administration. JIRA Software administration. Familiar with NIST 800 special publications, ISO 27000, Cloud Security Alliance (CSA), and FedRAMP. Meaningful industry certifications such as AWS Security, CISSP, CISA, CRISC, CCSK, and/or CCSP. Effective October 1, 2021, all employees must be fully vaccinated against COVID-19 or qualify for an accommodation from the Bank’s vaccination policy; the Bank will provide accommodations as required by law for individuals unable to be vaccinated due to medical condition or sincerely held religious belief. At the Federal Reserve Bank of San Francisco, we offer a wonderful benefits package including:
Medical, Dental, Vision, Pretax Flexible Spending Account, Paid Leave Care, Backup Child Care Program, Pretax Day Care Flexible Spending Account, Vacation Days, Sick Days, Paid Holiday’s, Pet Insurance, Matching 401(k), and an unheard of Retirement / Pension. At the SF Fed, we believe in the diversity of our people, ideas, and experiences and are committed to building an inclusive culture that is representative of the communities we serve. The SF Fed is an Equal Opportunity Employer. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. #LI-Hybrid
Salary Range:
$80K — $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
Apply Here
For Remote Sr. IT Security Analyst – Security Programs & Policies at Federal Reserve Bank of Richmond in San Francisco, CA roles, visit Remote Sr. IT Security Analyst – Security Programs & Policies at Federal Reserve Bank of Richmond in San Francisco, CA Roles

********

Aviation Security Analyst – SFO – (9212) – (125721) at City and County of San Francisco

Location: San Francisco

Company Description

THIS IS A CITYWIDE EXAM

San Francisco is a vibrant and dynamic city, at the forefront of economic growth & innovation, urban development, arts & entertainment, as well as social issues & change. This rich tapestry of culture and ideas is sustained by our City’s commitment to heightening the quality of life for the diverse population of San Franciscans and residents of the greater Bay Area. Our employees play an important role not only in making our City what it is today but also in shaping the future of San Francisco.

Specific information regarding this recruitment process is listed below:
• Application Opening: September 19, 2022.
• Application Deadline: September 30, 2022.
• Compensation: $96,382- $117,130 Annually
• Recruitment ID: CBT-9212-125721 (RTF0125720-01029570)

San Francisco International Airport (SFO), an enterprise department of the City & County of San Francisco, has a workforce of approximately 1,700 City employees and strives to be a diverse, equitable, and inclusive employer.

SFO’s mission is to provide an exceptional airport in service to our communities and our core values are Safety and Security, Teamwork, Excellence, and Care. Learn more about careers at SFO.

For more information about SFO, visit www.flysfo.com. Follow us on twitter and facebook.
Job Description

Under general supervision, the Airport Safety Officer (Aviation Security) performs routine and special-emphasis security checks of terminal and gate boarding areas, cargo facilities, airport tenant leasehold, and perimeter fencing. This position will be instrumental in ensuring compliance with Airport and Transportation Security Regulations. This position responds to and investigates security incidents and access control alarms, issues admonishments for safety and security violations, ensures compliance with and enforces proper procedures, and works within the Security Operations Center (SOC) performing Closed-Circuit Television (CCTV) and access control system monitoring and surveillance.

The essential functions of this classification include, but are not limited to, the following:
• Inspects and evaluates Airport and tenant facilities, access controls, barriers, fences, and lighting for compliance with Airport and Transportation Security Regulations; suspends operations when unsecured conditions are discovered and reopens operations when inspection indicates unsecured conditions have been rectified.
• Ensures compliance with and enforces proper procedures for Airport’s Access Control System to prevent unauthorized and/or unescorted access to the Sterile Secured and Air Operations Area (AOA), verifies proper Airport identification media.
• Responds to and investigates security breaches and violations; conducts interviews; recommends corrective action, prepares, and files appropriate reports and conducts follow-up inspections; makes assessments of modifications completed.
• Issues admonishments for safety and security violations; maintains and updates admonishment database.
• Conducts routine and special-emphasis security checks of terminal and gate boarding areas, cargo facilities, airport tenant leasehold, and perimeter fencing; responds to and investigates security calls and access control alarms.
• Oversees security operations for construction projects, special events, and other special security operations to ensure compliance with the Airport Security Program (ASP); provides proper security materials and conducts briefings to appropriate entities.
• Monitors the procedures and operations of air carriers and tenants with security responsibilities over Exclusive Areas as established by agreement with the Airport.
• Provides Airport staff and aviation and non-aviation tenants with regulatory information and guidance.
• Responds to and assists in all security emergencies and crises such as Explosive Device threats, air piracy, and terrorism.
• Prepares informational and operational reports.
• Provides special administrative or management assistance to Airport Security Coordinator in support of the Airport Security Program (ASP); may be assigned temporarily to the duties of an Operations Supervisor, as necessary; evaluates and recommends new security systems and technology.
• Works within Security Operations Center (SOC) performing Closed-Circuit Television (CCTV) and access control system monitoring and surveillance ensuring compliance with Transportation Security Association (TSA) and Airport Regulations.
• Develops training programs, standard operating procedures, and other related programs as directed by the supervisor. May be required to speak in front of groups and/or provide operations-related training to airline tenants, service companies, or other aeronautical or non-aeronautical users.
• May include additional duties as assigned.
Qualifications

Education: High school diploma or equivalent (GED or High School Proficiency Examination).

Experience: Two (2) years of safety or security operations experience at an airport, airbase, airline, military base, or emergency communications dispatch center, including six (6) months of recent experience reflecting the ability to analyze aviation security-related data and to develop recommendations in Aviation Security, including the composition of related letters, memoranda, and reports.

License and Certification: Possession of a valid California driver’s license. (California driver’s license and Airport driving permit must be obtained to be eligible for employment.)

Experience Substitution:
• Possession of an Associate’s degree from an accredited college or university (or equivalent 60 semester or 90 quarter units) may substitute for one (1) year of the required experience; OR
• Possession of a Bachelor’s degree from an accredited college or university with a major in Aviation Management or a related field may substitute for the two (2) years of the required experience.

Desirable Qualifications:

The stated desirable qualifications may be used to identify job finalists at the end of the selection process when candidates are referred to hiring.
• Working knowledge of CRF Part 1542.
• Working knowledge of CCTV, video analytics, security systems, and surveillance skills.
• Ability to work for extended periods of time with CCTV and computer systems.
• Excellent customer service skills

NOTE: Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.

NOTE: One year of full-time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40-hour work week). Any overtime hours that you work above 40 hours per week are not included in the calculation to determine full-time employment.

Verification

“Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at https://sfdhr.org/how-verify-education-requirements

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

All work experience, education, training, and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications.

Resumes will not be accepted in lieu of a completed City and County of San Francisco application.

Applications completed improperly may be cause for ineligibility, and disqualification or may lead to lower scores.

SELECTION PROCEDURES:

After application submission, candidates deemed qualified must complete all subsequent steps to advance in this selection process, which includes the following:

Minimum Qualification Supplemental Questionnaire (MQSQ) (Weight: Qualifying)

Candidates will be required to complete an MQSQ as part of the employment application. This MQSQ is designed to obtain specific information regarding an applicant’s experience in relation to the Minimum Qualifications (MQ) for this position. The MQSQ will be used to evaluate if the applicant possesses the required minimum qualifications.

Airport Safety Officer Core Exam (Weight 40%)

Candidates who meet the minimum qualifications will be invited to participate in a written, multiple-choice examination, designed to measure their relative knowledge, skills, and abilities in job-related areas. The “core” multiple-choice examination component may include, but not be limited to;
• Knowledge of Federal Aviation Administration (FAA) Rules and Regulations and Transportation Security Regulations (TSR).
• Knowledge of Airfield and Airport Safety & Security principles, methods, practices, and equipment.
• Ability to read and comprehend Federal Aviation Administration (FAA) and Transportation Security Administration (TSA) regulations, and State and Local codes.
• Ability to write operational and investigative reports.
• Ability to read maps, diagrams, and airfield plans.
• Ability to communicate effectively and establish good working relationships. Ability to solve problems quickly and prioritize varied demands.

The examination is administered via computer or in paper format. Qualified candidates will be notified of the particular format to be used in their test appointment notification.

Aviation Security Subtest (Weight 25%)

Candidates will be administered a written multiple-choice test designed to measure knowledge, skills, and/or abilities in job-related areas which may include but not be limited to:
• Knowledge of Federal Aviation Administration (FAA) Rules and Regulations and Transportation Security Regulations (TSR).
• Knowledge of Airport Safety & Security principles, methods, practices, and equipment. Ability to write operational and investigative reports.
• Ability to read maps, diagrams, and airfield plans.
• Ability to communicate effectively and establish good working relationships.

The examination is administered via computer or in paper format. Qualified candidates will be notified of the particular format to be used in their test appointment notification.

This is a standardized examination and, therefore, test questions and test answers are not available for public inspection or review.

You will receive one or more scores with respect to the multiple-choice exam component. One will correspond to the Airport Safety Officer Core Exam component and, should any specialty subtests be added to that component, you may receive one or more additional “specialty” scores. Any scores attained on these components will be valid and “banked“ for three years, starting from the date of the examination. This means that, during this three-year time period, you will not be required to take any test components for which you have already attained a score. If the selection process for the future announcement is held within one year of the date of this examination and it includes any of these components [i.e., core exam or specialty subtest(s)], your score(s) for the corresponding test component(s) will be automatically applied to that announcement. However, after one year, you have the option to either (a) apply your test score(s) to the other announcement or (b) re-take the test component(s). Re-testing is permitted no sooner than one year from the date of the examination and only in association with your eligibility for another announcement for which the test component (core or specialty subtest) is used. Please note that, should you re-test, your re-test score would become your official score since it is the most recent.

Supplemental Questionnaire (Weight 35%)

Applicants will be sent a Supplemental Questionnaire designed to measure the knowledge, skills, and/or abilities in job-related areas which may include, but not be limited to:
• Knowledge of Airport Safety & Security principles, methods, practices, and equipment.
• Federal Aviation Administration (FAA) Rules and Regulations and Transportation Security Regulations (TSR).
• Ability to write operational and investigative reports.
• Read and comprehend Federal Aviation Administration (FAA) and Transportation Security Administration (TSA) regulations, State and Local codes, maps, diagrams, and airfield plans.
• Communicate effectively and establish good working relationships.
• Work under stressful physical and emotional conditions on a daily basis.
• Solve problems quickly and prioritize varied demands.

NOTE: A passing score must be achieved on all three components in order to be placed/ranked on the Eligible List. Candidates will be placed on the eligible list in rank order according to their final score.

Note: Applicants who meet the minimum qualifications are not guaranteed to advance through all of the steps in the selection process.
Additional Information

Eligible List: A confidential eligible list of applicant names that have passed the civil service examination process will be created and used for certification purposes only. An examination score report will be established, so applicants can view the ranks, final scores, and a number of eligible candidates. Applicant information, including names of applicants on the eligible list, shall not be made public unless required by law. However, an eligible list shall be made available for public inspection, upon request, once the eligible list is exhausted or expired and referrals resolved. The eligible list/score report resulting from this civil service examination process is subject to change after adoption (e.g., as a result of appeals), as directed by the Human Resources Director or the Civil Service Commission.

The duration of the eligible list resulting from this examination process will be six (6) months and may be extended with the approval of the Human Resources Director.

Certification Rule

The certification rule for the eligible list resulting from this examination will be Rule of 10 Scores. Additional selection processes may be conducted by the hiring department prior to making final hiring decisions.

Terms of Announcement and Appeal Rights:

Applicants must be guided solely by the provisions of this announcement, including requirements, time periods, and other particulars, except when superseded by federal, state or local laws, rules or regulations. [Note: The correction of clerical errors in an announcement may be posted on the Department of Human Resources website at The terms of this announcement may be appealed under Civil Service Rule 110.4. Such appeals must be submitted in writing to the Department of Human Resources, 1 S Van Ness Avenue, 4th Floor, San Francisco, CA 94103-5413 by close of business on the 5th business day following the issuance date of this examination announcement. Information concerning other Civil Service Commission Rules involving announcements, applications, and examination policies, including applicant appeal rights, can be found on the Civil Service Commission website at https://sfgov.org/civilservice/rules.

Transportation Security Administration (TSA) Security Clearance

Candidates for employment with the San Francisco Airport Commission are required to undergo a criminal history record check, including FBI fingerprints, and Security Threat Assessment in order to determine eligibility for security clearance and may be required to undergo drug/alcohol screening. Per Civil Service Commission Rule Section 110.9.1, every applicant for an examination must possess and maintain the qualifications required by law and by the examination announcement for the examination. Failure to obtain and maintain security clearance may be basis for termination from employment with the Airport Commission.

Customs Clearance

This position requires that the incumbent be qualified for unescorted access to the San Francisco International Airport U.S. Customs Security Area. An application for a U.S. Custom Access Seal may be submitted to Customs ONLY after employment has commenced. Employment in this position requires that the incumbent submit an application for, successfully acquire and maintain a Customs Access Seal. Per Civil Service Commission Rule 110.9.1, every applicant must possess and maintain the qualifications required by law and by the examination announcement for this examination. Failure to acquire or maintain customs access, a requirement for this position, may be basis for termination from employment with the Airport Commission. Customs Access Seal requirements and procedures are located in the Code of Federal Regulations, Title 19, Part 122, Sections 181 or 189.

Medical Examination

Prior to appointment, candidates must successfully pass a medical examination to determine his/her ability to perform the essential functions of the job and/or the ability to meet the physical minimum requirements.

Additional Background Check

As part of the selection process for this position in Aviation Security, an image of your fingerprints will be captured and sent to the San Francisco Police Department (SFPD). The resulting report of your conviction history (if any) will be used to determine whether the nature of your conviction (or arrest, in limited circumstances) conflicts with the specific duties and responsibilities of the position to which you are applying. If a conflict exists, you will be asked to present any evidence of rehabilitation that may mitigate the conflict, except when federal or state regulations bar employment in specific circumstances. Having a conviction history does not automatically preclude you from a job with the City.

Additional Information Regarding Employment with the City and County of San Francisco:

Information About the Hiring Process

Conviction History

Benefits Overview

Equal Employment Opportunity

Disaster Service Workers

Reasonable Accommodation Request

Veteran Preference

Seniority Credit in Promotional Exams

Right to Work

Copies of Application Documents

Diversity Statement

Clerical errors

Copies of Application Documents

HOW TO APPLY

Applications for City and County of San Francisco jobs are only accepted through an online process. Visit and begin the application process.
• Select the “I’m Interested” button and follow instructions on the screen

Applicants may be contacted by email about this recruitment and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com, @sfpl.org, @dcyf.org, @first5sf.org, @famsf.org, @ccsf.edu, @smartalerts.info, and @smartrecruiters.com).

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

Exam Analyst Information: If you have any questions regarding this recruitment or application process, please contact the exam analyst, Tamara Ranney, by telephone at 650-821-2024, or by email at tamara.ranney@flysfo.com.

CONDITION OF EMPLOYMENT: All City and County of San Francisco employees are required to be fully vaccinated against COVID-19 as a condition of employment. Someone is fully vaccinated when 14 days have passed since they received the final dose of a two-shot vaccine or a dose of a one-shot vaccine. Any new hire must present proof of full vaccination status to be appointed. Any new hire who will be routinely assigned or occasionally enter High-Risk Settings, must provide proof of having received a COVID-19 booster vaccine by March 1, 2022, or once eligible.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.
Apply Here
For Remote Aviation Security Analyst – SFO – (9212) – (125721) roles, visit Remote Aviation Security Analyst – SFO – (9212) – (125721) Roles

********

Cyber Risk Experienced Associate at PwC

Location: San Jose

A career in our Cybersecurity, Privacy, & Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy, and Forensics professionals at PwC, but at our clients and industry analysts across the globe.

Our Regulatory Compliance team focuses on helping our clients understand their regulatory landscape on a domestic and global scale. You’ll work with our clients aligning a number of different cyber, privacy and industry frameworks and requirements to their business. This includes, but is not limited to: NIST CSF, ITIL, HIPAA, PCI, FDA, FERC/NERC, OCC, FFIEC, ABAC, Cyber Executive Orders, etc. Our team designs, implements, and maintains an effective compliance program that helps our clients manage the risks against regulatory compliance obligations, as well as control framework commitments to their Board/stakeholders.

Our team also works with regulatory examiners, investigators, and industry leaders to continue to stay ahead of upcoming regulatory changes or enforcements. We help inform our clients on controls or requirements that require enhancements, and help with the compliance change management components driving new technical and business requirements out to their end users. You will be part of a team that not only assesses organizational compliance, but helps clients to strategically think through the best way to manage in a cost-effective, yet defensible manner.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As an Associate, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
• Invite and provide evidence-based feedback in a timely and constructive manner.
• Share and collaborate effectively with others.
• Work with existing processes/systems whilst making constructive suggestions for improvements.
• Validate data and analysis for accuracy and relevance.
• Follow risk management and compliance procedures.
• Keep up-to-date with technical developments for business area.
• Communicate confidently in a clear, concise and articulate manner – verbally and in written form.
• Seek opportunities to learn about other cultures and other parts of the business across the Network of PwC firms.
• Uphold the firm’s code of ethics and business conduct

Basic Qualifications:

Minimum Degree Required: Bachelor Degree

Minimum Years of Experience: 1 year(s)

Preferred Qualifications:

Preferred Fields of Study:

Information CyberSecurity, Information Technology, Management Information Systems, Computer and Information Science

Preferred Knowledge/Skills:

Demonstrates some knowledge and/or a proven record of success in:
• Supporting large projects involving cybersecurity, cyber risk management, or technology risk management
• Having familiarity with common regulatory requirements such as OCC HS, FFIEC, GLBA, NY DFS etc. as well as industry frameworks such as NIST CSF, COBIT, COSO and PCI
• Designing and developing cybersecurity and technology risk programs using industry frameworks and methodologies
• Assessing enterprise-wide cyber risks and threats
• Designing and implementing risk management controls
• Using tools and technology to provide data analytics and business intelligence on threats, risks and vulnerabilities

Demonstrates some abilities and/or a proven record of success in the following areas:
• Supporting client engagements that identify and address client needs
• Participating in client discussions and meetings
• Supporting multiple project workstreams
• Assisting with engagement management activities
• Preparing concise and accurate documents, leveraging and utilizing MS Office, Google Suite and Power BI to complete related project deliverables
• Assisting with the creation and maintenance of project deliverables as needed
• Providing candid, meaningful feedback in a timely manner to team members where necessary
• Keeping managers and engagement leadership informed of progress and issues
• Designing KRIs and metrics to build risk reports for management

For positions in Colorado, visit the following link for information related to Colorado’s Equal Pay for Equal Work Act:

All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer.

PwC does not intend to hire experienced or entry level job seekers who will need, now or in the future, PwC sponsorship through the H-1B lottery, except as set forth within the following policy:

For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance.

234470

Please note that, at this time, to be in-person at a PwC office, client location or PwC-sponsored events, you must be fully vaccinated against COVID-19.

#LI-Remote
Apply Here
For Remote Cyber Risk Experienced Associate roles, visit Remote Cyber Risk Experienced Associate Roles

********

Senior Security Risk and Compliance Analyst at Asana

Location: San Francisco

Senior Security Risk and Compliance Analyst

We are looking for an experienced Security Compliance professional to join Asana’s Security Compliance program. You will be a key member of the security team that is part of Asana’s world-class engineering organization and will be responsible for protecting Asana and its users. You will collaborate closely with Legal, Finance, Business, and Engineering teams to implement security safeguards, manage security risk, and build and maintain trust with our customers and users.

What you’ll achieve
• Collaborate with stakeholders across security, engineering, and legal to monitor and drive improvements to our security controls
• Facilitate internal and external compliance assessments of our security program and partner with external auditors and internal stakeholders
• Manage and maintain the common controls framework and ensure that controls are aligned with applicable security standards and regulations
• Contribute to building and improving team processes as it relates to monitoring controls, collecting evidence, and executing audits
• Act as a subject matter expert for applicable compliance standards and be a valued partner to the business and engineering teams in the implementation of the standards

About you
• 4+ years in security compliance, IT audit, or information security assurance
• Experience leading internal or external security audits and assessments
• Experience implementing key security standards like SOC 2, ISO 27001, HIPAA, CIS Controls, NIST CSF, or PCI DSS standards
• Excellent leadership, interpersonal, verbal and written communication, presentation, and problem solving skills
• Strong cross-functional team program management abilities, including managing multiple assessments concurrently with different stakeholders and timelines
• Track record of taking initiative, having the ability to work independently, and be comfortable thriving in ambiguity

About us

Asana helps teams orchestrate their work, from small projects to strategic initiatives. More than 75,000 organizations and millions of users rely on Asana, including AirAsia, AllBirds, Grab, KLM Air France, Kohl’s, Sephora, Traveloka, and Viessmann. Asana has been named a Top 5 Best Workplace and the #1 Best Workplace in the Bay Area by Fortune three years in a row, and one of Glassdoor’s and Inc.’s Best Places to Work. With nine global offices, including a San Francisco headquarters and flagship offices in Dublin, New York, Sydney, and Tokyo, Asana is always looking for curious, collaborative, and mission-driven people to help us enable the world’s teams to work together effortlessly.

Our goal is to ensure that Asana upholds an inclusive environment where all people feel that they are equally respected and valued, whether they are applying for an open position or working at the company. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, citizenship, socioeconomic status, disability, and veteran status, and we’d love to learn about what you can add to our team.

More information:
• Rethinking the org chart: Areas of Responsibility (AoRs)
• Distributed responsibility: An engineering manager’s perspective
• The Pyramid of Clarity

About us

At Asana, you’ll do meaningful, purpose-driven work. We’re not just building a product that helps people be more productive—we’re helping teams and organizations reach their goals together. For the past six years, we’ve been recognized as an award-winning workplace by Fortune and Great Place to Work, Fast Company, Glassdoor, and Inc. Magazine. Our inclusive culture is intentionally built to enable our teams to be creative and make an impact. With offices all over the world, we’re excited to get back to in-person collaboration along with a hybrid schedule for balance and flexibility in life and work. We’re looking for passionate individuals to join us on our journey. Come do great things with us.
Apply Here
For Remote Senior Security Risk and Compliance Analyst roles, visit Remote Senior Security Risk and Compliance Analyst Roles

********

Security GRC, Senior Analyst at Salesforce

Location: San Francisco

Job Category Products and TechnologyJob Details Salesforce’s Security, Governance, Risk, and Compliance (GRC) Team is responsible for enterprise wide GRC processes, ensuring Salesforce leadership has the information needed to make strategic risk-based decisions enabling the achievement of Salesforce business objectives. Our team builds and deploys common governance, risk, and compliance processes and this position will be accountable for governance processes and supporting content and tools. In this role, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC Governance team. You have knowledge of commonly used policy, standards, controls, risk and compliance concepts, practices, and procedures for security. You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas or projects with guidance and support from senior team members. You are expected to work independently while still asking for help in some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process.
Responsibilities:
Create and maintain security governance content and the document lifecycle management process for the enterprise information security policy, standards, and implementation solutions Analyze the impact of changes to our information security requirements and manage the change and any issues that may arise with the business units Consult with business or security stakeholders on information security requirements and applicability to their business processes, products, or services Review external certification requirements and compare with internal security requirements to determine if existing controls are sufficient Develop expertise with eGRC tools to create and update security content to be used across the enterprise Identify and create metrics and dashboards to quantify and measure the impact of information security governance processes, including user activity, business unit feedback and usability, and information security issues Execute security governance awareness operations and help develop and maintain awareness materials such as Trailheads, Concierge articles, Confluence pages, etc. and regularly post content in various communications channels Required Skills &
Experience:
Minimum three years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of five years of total work experience Experience in security related analysis, creating metrics and dashboards and summarizing large data sets Ability to work with both business and technical areas and translate between the two areas Excellent verbal and written communication skills and ability to communicate results to multiple levels of management Operational process design, improvement, and implementation experience Demonstrated desire to learn new skills and innovate Agile, proactive, comfortable working with ambiguous specifications and can prioritize quickly and effectively Excellent interpersonal and relationship skills Excellent analytical and process development skills Detail oriented with an eye for quality Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc. Preferred
Qualifications:
Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders. Familiarity with security frameworks such as FedRAMP, ISO 27001, SOC1/2, PCI, etc. Knowledge of, or experience working with, Cloud technologies/environments is a plus Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions CISSP, CISA, CISM or similar certifications a plus Posting Statement At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits. Salesforce welcomes all. Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
Salary Range:
$80K — $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
Apply Here
For Remote Security GRC, Senior Analyst roles, visit Remote Security GRC, Senior Analyst Roles

********

Senior Application Security Engineer – #2487 at GRAIL

Location: Menlo Park

GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. GRAIL, LLC is a wholly-owned subsidiary of Illumina, Inc. (NASDAQ:ILMN). For more information, please visit www.grail.com.We are hiring an Application Security Engineer for the newly formed Appsec team. In this role, you will work closely with engineering teams that build software to support all Grail’s Commercial Cloud software applications, tools and critical Appsec services (IAM & AWS services). We are looking for folks who are excited about pragmatic risk, continuous operational improvement and customer-centric security experiences. This is an excellent opportunity to join a fast paced, high growth, high impact group and apply new technologies and approaches to define, identify, evaluate, and maintain security for software solutions. You Will: Work within a team of engineers to deliver new features and toolsWork closely with product owners to transform roadmap items into functional softwareDevelop, implement, and maintain identity and access management solutions and AWS cloud platform.Improve identity and access management solutions and systems for protection against evolving threats and efficiency.Coach other members of the organization on the best practices that should be followed in identity and access managementStay up-to-date on current IAM threats and industry solutionsResponsible for upholding code reviews across all code platformsTake charge of bug intake and remediation process for the organizationDevelop, configure and implement tooling to support DevSecOps processes including SAST, DAST, IAST, and SCA, in partnership with DevOps.Discover security exposures and develop mitigation plans, and also report and fix the technical debt Your Background Includes: Strong AWS Security experience (AWS Certification is a huge plus) and Application Security StandardsProgramming Skills – Java, Go Languages Deep understanding of security principles including encryption, OAuth, etc.Extensive knowledge and experience with identity and access management technology, such as single sign-on (SSO), two-factor authentication, privileged access management, etcComprehensive knowledge and experience with authentication standards and technologies such as multi factor authentication, JSON Web Token (JWT), etc.Experience in Okta, Auth0 would be a plusExperience with SAST, DAST toolsThe ability to collaborate and communicate effectively in all areas of the organizationWorking closely with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasksBachelor’s or Master’s degree in Computer Science, Electrical Engineering, Bioinformatics, or similar technical fieldExperience building and deploying applications to AWS or any cloud service provider would be a plusGRAIL is an Equal Employment Office and Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Following extensive monitoring, consideration of business implications, and advice from internal and external experts, GRAIL US has made the decision to require that all U.S. employees be “Fully Vaccinated” with the COVID-19 vaccine and “Up to Date” with any recommended booster. “Fully Vaccinated” is defined as two weeks after both doses of a two-dose vaccine (e.g. Pfizer or Moderna) or two weeks since a single-dose vaccine (e.g. Johnson & Johnson) has been administered; “Up to Date” means having timely received any COVID-19 vaccine booster(s) in accordance with CDC guidelines. Absent a qualifying exemption, all GRAIL US employees are to comply with this requirement, including providing documentation of such vaccination status, as a condition of employment. Anyone unable to be vaccinated, either because of a sincerely held religious belief or a medical condition or disability that prevents them from being vaccinated, can request a reasonable accommodation for consideration by GRAIL.
Apply Here
For Remote Senior Application Security Engineer – #2487 roles, visit Remote Senior Application Security Engineer – #2487 Roles

********

Cyber Security Engineer at Bay Area Rapid Transit

Location: Oakland

Marketing Statement

Ride BART to a satisfying career that lets you both: 1) make a difference to Bay Area residents, and 2) enjoy excellent pay, benefits and employment stability. BART is looking for people who like to be challenged, work in a fast paced environment, and have a passion for connecting riders to work, school and other places they need to go. BART offers a competitive salary, comprehensive health benefits, paid time off, and the CalPERS retirement program.

Conditions of Employment

All San Francisco Bay Area Rapid Transit District (BART) employees are required to be fully vaccinated against COVID-19 as a condition of employment. You will be required to show proof of your completed COVID-19 vaccination prior to receiving a final offer, unless you receive a COVID-19 Vaccination reasonable accommodation due to a medical condition or a religious exemption due to an approved sincerely held religious belief that prohibits you from receiving a vaccine. BART will review requests for a reasonable accommodation or religious exemption on a case-by-case basis. Documentation may be required. For questions, please contact BART Human Resources, Leave Management at .

Department

Desktop and Network Services

Pay and Benefits

BART offers comprehensive compensation and benefits programs. Benefits include CalPERS pension; excellent medical (effective January 1, 2022 current employee cost $157.35 monthly for most plans), vision, and dental coverage; supplemental insurances; paid holidays and vacation; as well as two investment programs, one of which is entirely funded by BART. BART does not participate in Social Security. Complimentary BART passes for employee and qualifying dependents.

Pay Rate

$105,333.00 – $159,580.00 (Non-Rep Pay Band-7)

Initial salary offer will be between $129,221.79/annually – $144,394.94/annually (commensurate with experience and education)

Posted Date

June 20, 2022

Closing Date

Open Until Filled

First round of application reviews will be targeted for the week of July 11, 2022
• This posting is to fill two (2) vacant positions

Reports To

Manager of Cyber Security

Days Off

Saturday and Sunday

Who May Apply

All current BART employees and qualified individuals who are not yet BART employees.

Current Assignment

This announcement will recruit two (2) positions within the BART Office of the Chief Information Officer (OCIO). The BART Cybersecurity Division, within the OCIO, offers an exciting and challenging role administering some of the latest security tools in a highly virtualized environment. As a Regional Government office, BART is responsible for networks in 5 Bay Area Counties and the safety of more than 450,000 average weekday riders. BART’s Cybersecurity Division has a wide variety of security responsibilities that include Business Networks, SCADA Networks, Police Networks, and Anti-Terrorism security measures. BART is looking for highly motivated, intelligent specialists that are excited to contribute, learn and grow in our organization. In the Cybersecurity Division, you’ll get hands on experience with the latest in Software Defined Networking, Virtualization, Hyperconvergance, Intrusion Detection/Prevention, Network Access Control, Vulnerability Scanning, Data Loss Prevention, Cloud Fencing, End Point Security, Forensics and much more.

BART is looking for highly experienced desktop, application, database, network and security professionals that want to focus their careers on working with cutting edge security tools. The Cybersecurity Division offers a collaborative environment with a major emphasis on ensuring that our Cybersecurity Engineers get the training, support and certifications they need to better combat the evolving threat landscape.

Essential Job Functions
• Under general supervision develops and implements the design of a complex unified cyber security program.
• Monitors and Tunes the District’s Unified Cyber Security Program.
• Provides highly technical security expertise and support related to alarms and monitoring devices that participate in District Security Objectives (DSO’s); Oversees and resolves business and support issues related to RAILS.
• Manages the various security projects including performing impact diagnostics on existing technology projects.
• Evaluates business and technical security requirements; driving the selection, prototyping and implementation of applications and technical solutions; and effectively communicating inherent security risks to non-technical users and administrators
• Implements and tunes algorithms used to monitor both machine and human behavior.
• Develops and maintains inventory lists generated from advanced forensic investigation.
• Coordinates and implements enterprise design and remediation solutions based on gathered statistics.
• Collects automated progress metrics for all technology projects.
• Coordinates with law enforcement to maintain District security.
• Responsible for analyzing and testing attack and penetration of Internet infrastructure and Web-based applications utilizing manual and automated tools.
• Performs other duties as assigned within the scope of the qualifications.

Minimum Qualifications

Education:

A Bachelor’s Degree in Computer Science, Information Security or related field.

Experience:

Three (3) years of (full-time equivalent) verifiable professional experience in an Information Security Operations and/or design role, which must have included Cyber Intelligence, Cyber Defense, Digital Surveillance, or related experience.

Substitution:

Additional professional experience as outlined above may be substituted for the education on a year-foryear basis. A college degree and information security related certification (s) and detailed hands-on network experience developing enterprise cyber security programs is highly preferred.

Other Requirements:

Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT are strongly preferred.

WORKING CONDITIONS

Environmental Conditions:

Office environment; exposure to computer screens.

Selection Process

Applications will be screened to assure that minimum qualifications are met. Those applicants who meet minimum qualifications will then be referred to the hiring department for the completion of further selection processes.

The selection process for this position may include a skills/performance demonstration, a written examination, and a panel and/or individual interview.

The successful candidate must have an employment history demonstrating reliability and dependability; provide copies of certificates, diplomas or other documents as required by law, including those establishing his/her right to work in the U. S; pass a pre-employment medical examination which may include a drug and alcohol screen, and which is specific to the essential job functions and requirements. Pre-employment processing will also include a background check. (Does not apply to current full-time District employees unless specific job requires additional evaluations).

Application Process

External applicants may only apply online, at Applicants needing assistance with the online application process may receive additional information by calling (510) 464-6112.

Current employees are strongly encouraged to apply online, either at , or on WebBART. Current employees may also apply using a BART paper application by delivering the completed form to the Human Resources Department, or by mailing it to P. O. Box 12688, Oakland, CA 94604-2688.

All applicants are asked to complete the application in full, indicating dates of employment, all positions held, hours worked, and a full description of duties. On line applicants are invited to electronically attach a resume to the application form to provide supplemental information, but should not consider the resume a substitute for the application form itself.

Applications must be complete by the closing date and time listed on the job announcement.

Equal Employment Opportunity

The San Francisco Bay Area Rapid Transit District is an equal opportunity employer. Applicants shall not be discriminated against because of race, color, sex, sexual orientation, gender identity, gender expression, age (40 and above), religion, national origin (including language use restrictions), disability (mental and physical, including HIV and AIDS), ancestry, marital status, military status, veteran status, medical condition (cancer/genetic characteristics and information), or any protected category prohibited by local, state or federal laws.

The BART Human Resources Department will make reasonable efforts in the examination process to accommodate persons with disabilities or for religious reasons. Please advise the Human Resources Department of any special needs in advance of the examination by emailing at least 5 days before your examination date at .

Qualified veterans may be eligible to obtain additional veteran’s credit in the selection process for this recruitment (effective Jan. 1, 2013). To obtain the credit, veterans must attach to the application a DD214 discharge document or proof of disability and complete/submit the Veteran’s Preference Application no later than the closing date of the posting. For more information about this credit please go to the Veteran’s Preference Policy and Application link at

Other Information

Please be prepared to present documentation in support of any required licenses, degrees, or certifications upon request.

Please note that any job announcement may be canceled at any time.

Note

When you have successfully applied for this position you will receive an auto reply e-mail acknowledging that your application was received for this position. Please retain a copy of the e-mail for your records. If you receive an auto reply that does not specifically reference this position, please email Employment Help at for assistance.

To verify submission of your application, click on the ‘My Career Tools’ link at the top of the ‘Careers Home Page’ after submitting your application to view the list of applications you have submitted (including application date and status). If you have further questions, please email the Employment Help at , between the hours of 8:15am – 5:00pm, Monday- Friday.

The San Francisco Bay Area Rapid Transit District is an equal opportunity employer. Applicants shall not be discriminated against because of race, color, sex, sexual orientation, gender identity, gender expression, age (40 and above), religion, national origin (including language use restrictions), disability (mental and physical, including HIV and AIDS), ancestry, marital status, military status, veteran status, medical condition (cancer/genetic characteristics and information), or any protected category prohibited by local, state or federal laws.

The BART Human Resources Department will make reasonable efforts in the examination process to accommodate persons with disabilities or for religious reasons. Please advise the Human Resources Department of any special needs in advance of the examination by emailing at least 5 days before your examination date at
Apply Here
For Remote Cyber Security Engineer roles, visit Remote Cyber Security Engineer Roles

********

The Tech Career Guru
We will be happy to hear your thoughts

Leave a reply

Tech Jobs Here
Logo