Technology Engineer – Principal (1044) – Security Specialty - Citywide (C00100)

City and County of San Francisco•San Francisco, CA

14h•$171,158 - $243,646•Onsite

About The Position

Under general direction, provides direct ongoing supervision to other Technology Engineers and/or provides technical leadership and direction and assumes technical responsibility for completion of major projects, or serves as the top technical authority for one or more related specialties. Performs and reviews complex work involving analysis, planning, designing, implementation, maintenance, troubleshooting and enhancement of systems or platforms. Serves as the lead technical architect for systems or platforms. The 1044 Principal Technology Engineer is the highest level in the Engineer series and may be assigned to function as a supervisor, expert or project leader. When assigned as a supervisor, develops, coordinates and executes policies, methods and procedures, and supervises personal; when assigned as an expert, performs work requiring a very high level of technical knowledge of a specific area or ability to integrate at a high level the knowledge of several areas (this is not considered to be a part of the normal career path for employees in this series; rather it is reserved for those employees with a mastery of specific technologies or a particular expertise); when assigned as a project leader, manages and provides technical leadership of projects involving large-scale, complex and highly analytical tasks. Work is performed within a broad framework of general policy and requires creativity and resourcefulness to accomplish goals and objectives, and in applying concepts, plans and strategies which may deviate from traditional methods and practices. The Technology Engineer series is distinguished from the Technology Analyst/Designer series as the Technology Engineers build, implement, and maintain core technology infrastructure, whereas the Technology Analyst/Designers analyze business needs, designs systems and services, and oversee implementation and ongoing improvement.

Requirements

An associate degree in computer science, computer engineering, information systems, or a closely-related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely-related field].
Five (5) years of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of a system or platform.

Nice To Haves

One year of additional experience as described above may be substituted for the required degree.
Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.

Responsibilities

Architects, designs, implements, maintains and operates information system security and privacy controls and countermeasures; supervises and trains operators in the administration of these systems; documents the operation, use and expected outputs of these systems.
Analyzes and recommends security and privacy controls and procedures in acquisition, development and change management lifecycle of information systems, and provides oversight to ensure compliance.
Analyzes and recommends security and privacy controls and procedures in business processes related to use of information systems and assets, and provides oversight to ensure compliance.
Monitors information systems for security incidents, vulnerabilities and privacy risks; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities and trends to IT or executive management.
Oversees the response to information system security and privacy incidents, including investigation of, countermeasures to and recovery from computer-based attacks, unauthorized access and policy breaches; engages, interacts and coordinates with third-party incident responders, including law enforcement.
Oversees the administration of authentication and access controls, including provisioning, changes and deprovisioning of user and system accounts, security/access roles and access permissions to information assets.
Analyzes trends, news and changes in threat, compliance, and privacy regulatory environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; oversees risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments.
Analyzes and oversees the development of information security and privacy governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security, privacy, and use and operation of information systems.
Oversees the development and administration of information security and privacy training and awareness programs.