Principal Cyber Security Engineer

Job Summary

Principal Cyber Security Engineer – responsible for developing and implementing comprehensive security strategies for Operational Technology (OT) infrastructure, including Enterprise Systems, SCADA systems, and custom internal applications.

Non Rep Pay Grade E08
Annual Salary Rate: $ annually (minimum) – $ annually (maximum).
The negotiable starting salary will be between $ annually – $ annually, commensurate with education and experience.

Manager of Cyber Security or designee

San Francisco Bay Area Rapid Transit (BART) is seeking to fill a Principal Cyber Security Engineer position in the Office of the Chief Information Officer (OCIO).

• Design and enforce security policies and protocols to protect OT infrastructure from cyber threats.
• Conduct risk assessments and vulnerability analyses on Enterprise Systems and SCADA environments.
• Collaborate with IT and OT teams to ensure seamless integration of security measures across all platforms.
• Monitor and respond to security incidents, ensuring rapid resolution and compliance with industry standards.
• Develop and deliver training programs to enhance security awareness among staff and stakeholders.
• Stay updated on emerging threats and technologies, providing recommendations for continuous improvement of security posture.

• Cyber Security
  
  Certifications:
  
  Relevant certifications such as CISSP, CISM, or CEH.
• Operational Technology
  
  Experience:
  
  Extensive knowledge of securing SCADA systems and Enterprise Networks.
• Custom Application Security:
  Proficiency in assessing and securing custom internal applications against potential vulnerabilities.
• Incident Response Expertise:
  Strong background in incident response planning and execution within OT environments.
• Regulatory Compliance Knowledge:
  Familiarity with industry regulations and standards relevant to cyber security in operational technology.

• Performs the most complex unified cyber security program work in the District; plans, reviews and approves cyber security project schedules; assists in strategic planning; prepares status reports; coordinates project resources; communicates with all project participants on relevant issues, identifies and resolves cyber security issues.
• Establishes schedules and methods for providing cyber security project services; identifies resource needs; reviews needs with appropriate management staff; allocates resources accordingly.
• Participates in the development of policies and procedures; monitors work activities to ensure compliance with established policies and procedures; makes recommendations for changes and improvements to existing standards and procedures.
• Recommends and assists in the implementation of goals and objectives; implements approved policies and procedures.
• Determines user requirements for assigned cyber security systems; determines hardware and software designs necessary to accomplish projects; evaluates resources; makes recommendations on systems hardware and software; coordinates procurement.
• Prepares analytical and statistical reports on cyber security operations, activities and projects.
• Represents the District in public meetings and hearings on proposed projects.
• Provides technical cyber security assistance to management, contractors, and other divisions and departments.
• Attends and participates in professional group meetings; stays abreast of new trends and innovations in the field of cyber security.
• May supervise, assign, review and participate in the work of staff responsible for cyber security projects including but not limited to firewall configuration, antivirus implementation, Multi-Factor Authentication (MFA), Network Access Control (NAC), Domain Security, Cloud Access Security Brokers (CASB), quality control, integration, and documentation; as assigned, may oversee the work of outside contractors and consultants.
• May participate in the selection of District or contracted cyber security staff; provides or coordinates staff training; may work with employees to correct deficiencies; may implement discipline procedures.

Applications will be screened to…