Marketing Statement

Ride BART to a satisfying career that lets you both: 1) make a difference to Bay Area residents, and 2) enjoy excellent pay, benefits, and employment stability. BART is looking for people who like to be challenged, work in a fast-paced environment, and have a passion for connecting riders to work, school and other places they need to go. BART offers a competitive salary, comprehensive health benefits, paid time off, and the CalPERS retirement program.

Pay Rate

Non-Represented Pay Band E07

Annual Salary: $113,621.00 (Minimum) - $172,136.00 (Maximum)

The negotiable starting salary offer will be between $113,621.00/annually - $164,346.25/annually, commensurate with education and experience.

Manager of Cyber Security

Current Assignment

This job announcement will be used to establish a pool of eligible candidates for vacancies that may occur within the next twelve (12) months.

BART is looking for a highly experienced Cyber Security Engineer that wants to focus their career on working with cutting edge network security tools. An ideal candidate is a former or current enterprise network security professional with a deep understanding of routing, switching and next generation firewalls.

The Cybersecurity Division in the Office of the Chief Information Officer (OCIO) offers a collaborative environment with a major emphasis on ensuring that our Cyber Security Engineers get the training, support, and certifications they need to better combat the evolving threat landscape.

Initial screening of resumes received will begin on May 8, 2024.

Applications will be screened to assure that minimum qualifications are met. Those applicants who meet minimum qualifications will then be referred to the hiring department for the completion of further selection processes.

Qualified applications received up to the initial screening date may be enrolled into the selection process. If no successful candidate(s) are identified, applications received past the initial screening date will then be reviewed for consideration.

The selection process for this position may include a skills/performance demonstration, a written examination, and a panel and/or individual interview.

The successful candidate must have an employment history demonstrating reliability and dependability; provide copies of certificates, diplomas or other documents as required by law, including those establishing his/her right to work in the U. S; pass a pre-employment medical examination which may include a drug and alcohol screen, and which is specific to the essential job functions and requirements. Pre-employment processing will also include a background check. (Does not apply to current full-time District employees unless specific job requires additional evaluations).

Under general supervision develops and implements the network design of a complex unified cyber security infrastructure.

Monitors and Tunes the District's Unified Cyber network infrastructure.

Provides highly technical security expertise and support related to alarms and monitoring devices that participate in District Security Objectives (DSO's); Oversees and resolves business and network support issues related to Regional Anti-Terrorism Integrated Law Enforcement System (RAILS).

Manages the various network security projects including performing impact diagnostics on existing technology projects.

Evaluates business and technical security requirements; driving the selection, prototyping and implementation of applications and technical solutions; and effectively communicating inherent security risks to non-technical users and administrators.

Participates as a member of the Computer Security Incident Response Team (CSIRT).

Coordinates and implements enterprise network design and remediation solutions based on gathered statistics.

Collects automated progress metrics for all technology projects.

Coordinates with law enforcement, as necessary, to maintain District security.

Responsible for analyzing and testing attack and penetration of Internet infrastructure and Web-based applications utilizing manual and automated tools.

Performs other duties as assigned within the scope of the qualifications.

Education:
A Bachelor's Degree in Computer Science, Information Security or related field.

Experience:
Three (3) years of (full-time equivalent) verifiable professional experience in an Information Security Operations and/or design role, which must have included Cyber Intelligence, Cyber Defense, Digital Surveillance, or related experience.

Substitution:
Additional professional experience as outlined above may be substituted for the education on a year-for- year basis. A college degree and information security related certification (s) and detailed hands-on network experience developing enterprise cyber security programs is highly preferred.

Other Requirements:
Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT are strongly preferred.

Knowledge of:

• Network security management, design, and deployment.
• Datacenter operations in Co-Located datacenters and on-premises datacenters.
• Transportation and Rail-specific security concerns. (SCADA, CBTC).
• Next Generation Firewalls (NGFW), Software Defined Wide-Area Networking (SDWaN).
• Advanced Threat Protection and Sandboxing solutions.
• Intrusion Detection/Prevention Systems: Anomaly-based, signature-based, and host-based.
• Cybersecurity Standards, Practices & Solutions.
• Cloud services and platforms such as Azure, AWS, GCP.
• Virtual computing infrastructure platforms such as Nutanix, VMware, Azure.
• Related federal, state, and local laws, codes and regulations.
• Information security tools such as Nessus, Elastic, F5/BigIP, NMAP, Vectra, Tines, WebInspect, Nikto or similar.
• Enterprise Information Systems and Information Security which address system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures.
• Enterprise system architecture and security controls, such as firewall and border router configurations, operating systems configurations, wireless architectures, databases, specialized appliances and information security policies and procedures.
• Relational Database Administration (DBA) in Oracle, SQL, or similar data systems.
• Technical knowledge of Unix, Linux and Windows operating systems.
• Technical knowledge of remote access methodologies, log management tools, firewalls, cryptography and digital certificates.
• Surveillance, Access Control and related Alarm Systems.
• Methods and techniques of networking protocols and remote access.
• Experience with Unix shell, scripting languages, regular expressions.
• Programming languages such as Java, C, C++, C#, and .NET.
• Industry Standards, eg, ISO 17799/27001, NIST Publications and other Industry Related Security Standards.

• Performing manual techniques to exploit vulnerabilities in the OWASP top 10 including but not limited to cross-site Scripting, SQL injections, session hi-jacking and buffer overflows to obtain controlled access to target systems.
• Performing network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols.
• TCP/IP and application layer troubleshooting.
• Managing interfaces between disparate alarm systems.
• Preparing clear and concise reports and documentation.
• Advanced troubleshooting.Software Application source code security review.
• Communicating clearly and concisely, both orally and in writing.
• Establishing and maintaining effective working relationships with those contacted in the course of work.
• Creating training materials.
• Training employees to maintain situational awareness.

Equal Employment OpportunityGroupBox1

The San Francisco Bay Area Rapid Transit District is an equal opportunity employer. Applicants shall not be discriminated against because of race, color, sex, sexual orientation, gender identity, gender expression, age (40 and above), religion, national origin (including language use restrictions), disability (mental and physical, including HIV and AIDS), ancestry, marital status, military status, veteran status, medical condition (cancer/genetic characteristics and information), or any protected category prohibited by local, state or federal laws.

The BART Human Resources Department will make reasonable efforts in the examination process to accommodate persons with disabilities or for religious reasons. Please advise the Human Resources Department of any special needs in advance of the examination by emailing at least 5 days before your examination date at .

Qualified veterans may be eligible to obtain additional veteran's credit in the selection process for this recruitment (effective Jan. 1, 2013). To obtain the credit, veterans must attach to the application a DD214 discharge document or proof of disability and complete/submit the Veteran's Preference Application no later than the closing date of the posting. For more information about this credit please go to the Veteran's Preference Policy and Application link at .