Job Description

The Cyber Architecture and Assurance team is one of four teams in the Office of Cybersecurity, focused on developing cybersecurity policies and standards, ensuring application and platform architectures meet OCS (Office of Cybersecurity) cybersecurity standards. We are active in empowering IT groups throughout the City and County in their risk mitigation practices, providing real-time assurance data and toolsets to IT professionals and management throughout the City and County enterprise. We are a service-oriented, dynamic and diverse group, who are firmly committed to our mission. The Office of Cybersecurity is helmed by the City Chief Information Officer (CCISO).

The Cyber Assurance Program project is moving into its compliance phase. As we continue to enhance the program, expand our visibility, gaining critical security intelligence, we are seeking to align and empower City IT stakeholders with cybersecurity best practices, actively remediating risk in accordance with established policies, automating many of the operational security practices needed to ensure the protection of City and County department and constituent data. One of the primary assurance tools our team utilizes is the Tanium platform. This position will work closely with our current principal engineer in maintaining and leveraging all aspects of the platform to realize OCS assurance program and project objectives.

We are seeking a highly motivated and technically experienced contributor to serve as a Tanium administrator, engineer, and thought leader to serve as partner to our lead Tanium engineer, and to assist in our mission of reducing cyber risk throughout the City and County. This position reports to the Office of Cybersecurity’s **** Cyber Defense Supervisor, who currently supervises the Office of Cybersecurity Cyber Defense and Cyber Architecture and Assurance teams. As a Principal Assurance Engineer, you will be responsible for maintaining, promoting, training and leveraging our Tanium platform in service to Assurance program objectives and cybersecurity IT stakeholders throughout the City and County, among other duties described pertaining to our general mission.

Position Responsibilities

• Deploy, configure, maintain, secure, assess, troubleshoot and optimize cyber assurance platforms, interfacing with vendor support and or Technical Account Managers as needed.
• Onboard, train and support cyber assurance platform users, supporting departments in assessing and remediating risk throughout the City enterprise.
• Develop Tanium based content and deploy solutions addressing a range of use cases for use by City and County Information Technology and Cybersecurity staff for Windows, macOS, and Linux.
• Recommend, assess, and assist departments in their compliance, security, and risk reduction efforts pertaining to all elements of Information Technology including operating systems, networks, and data storage.
• Develop and maintain documentation, policies, trainings and FAQs as needed.
• Assess and report on department or agency compliance with Office of Cybersecurity policies, department/ group security posture, and related challenges.
• Provide data and or Information Technology security guidance as a consultant for enterprise, department, and internal Department of Technology projects, requests, procurements, and change controls.
• Assist in developing cyber assurance related objectives and projects to meet those objectives. Work with departments and or internal teams to meet project objectives.
• Conduct department and agency outreach, surveys and program development.

Qualifications

Desirable Qualifications

1. 3 years’ experience of Linux and Microsoft Windows server administration and support.

2. 3 years’ experience diagnosing and resolving IP network issues.

3. 3 years’ experience using and supporting Tanium operational modules and on-prem appliances in a large, federated company, enterprise, or government agency comprising multiple agencies or businesses.

4. Comprehensive Tanium experience - Tanium Certified Operator (TCO) or Tanium Certified Administrator (TCA) preferred

5. CompTIA Security + , Certified Information Systems Security Professional (CISSP) or similar security related certification.

6. VMware virtualization or Amazon WEB Services (AWS) or Microsoft Azure Cloud Services experience

7. Microsoft Server Operating System certification

8. Intermediate Linux administration and BASH script development

9. PowerShell, Python or VBScript script development

10. macOS desktop management and support experience

11. Windows desktop management and support experience

12. Self-starter, strong detail and service orientation, with excellent follow through are attributes needed for this position

Minimum Qualifications

Education:

An associate degree in computer science, computer engineering, information systems, or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely-related field].

Experience:

Five (5) years of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of an enterprise network.

License and Certification:

Substitution:

Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units/ forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.

Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.

Additional Information

Job Type:

The Permanent Exempt - Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is thirty-six (36) months and will not result in an eligible list or permanent civil service hiring.

Work Location

Incumbent will conduct the majority of work at the Department of Technology, (1 S Van Ness, Ave San Francisco, CA 94103). However, there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary

Nature of Work

The incumbent must be willing to work on-site at our San Francisco office in person four (4) days a week and one day remote as determined by the department. Travel within San Francisco may be required.

Compensation: $77.9250 - $98.0125 (hourly)/$162,084 - $203,866 (annually)

How to Apply:

• Application Deadline: Applicants are encouraged to apply immediately as this recruitment may close at any time, but not before Friday, May 2, 2025, at 11:59PM.
  • Applicants must complete the supplemental questionnaire ;[https://forms.office.com/g/8EfjaqZmQN](http://Applicants must complete the supplemental questionnaire prior to starting the online application process. The application will not be reviewed without a completed supplemental questionnaire;  https://forms.office.com/g/8EfjaqZmQN)
  • Your application MUST include a resume. To upload, please attach using the "additional attachments" function.
• You may contact Lawlun Leung via email at lawlun.leung@sfgov.org with questions regarding this opportunity.
• Late or incomplete submissions will not be considered. Mailed, hand delivered or faxed documents/applications will not be accepted.

Right to Work:

All persons entering the City and County of San Francisco workforce are required to provide verification of authorization to work in the United States.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.