
Principal Cyber Security Engineer

Bay Area Rapid Transit
$144,443.00 - $218,831.00 Annually
medical insurance, dental insurance, life insurance, vision insurance, vacation time, paid holidays, sick time, retirement plan, pension
United States, California, Oakland
300 Lakeside Drive
Dec 23, 2025


Marketing Statement

Ride BART to a satisfying career that lets you both: 1) make a difference to Bay Area residents, and 2) enjoy excellent pay, benefits, and employment stability. BART is looking for people who like to be challenged, work in a fast-paced environment, and have a passion for connecting riders to work, school and other places they need to go. BART offers a competitive salary, comprehensive health benefits, paid time off, and the CalPERS retirement program.






Job Summary

Pay Rate Non Rep Pay Grade E08
Annual Salary Rate: $144,443.00 annually (minimum) - $218,831.00 annually (maximum)
The negotiable starting salary will be between $144,443.00 annually - $186,505.31 annually, commensurate with education and experience.

Reports To
Manager of Cyber Security or designee

Current Assignment
San Francisco Bay Area Rapid Transit (BART) is seeking to fill a Principal Cyber Security Engineer position in the Office of the Chief Information Officer (OCIO).

The Principal Cyber Security Engineer will be responsible for developing and implementing comprehensive security strategies for Operational Technology (OT) infrastructure, including Enterprise Systems, SCADA systems, and custom internal applications.

Key responsibilities of this position include, but are not limited to:

  • Design and enforce security policies and protocols to protect OT infrastructure from cyber threats.
  • Conduct risk assessments and vulnerability analyses on Enterprise Systems and SCADA environments.
  • Collaborate with IT and OT teams to ensure seamless integration of security measures across all platforms.
  • Monitor and respond to security incidents, ensuring rapid resolution and compliance with industry standards.
  • Develop and deliver training programs to enhance security awareness among staff and stakeholders.
  • Stay updated on emerging threats and technologies, providing recommendations for continuous improvement of security posture.
The most qualified candidate for this position will have highly developed competencies beyond the minimum qualifications in the following areas, which will be reinforced with related work experience and will be clearly articulated during the selection process:

  • Cyber Security Certifications: Relevant certifications such as CISSP, CISM, or CEH.
  • Operational Technology Experience: Extensive knowledge of securing SCADA systems and Enterprise Networks.
  • Custom Application Security: Proficiency in assessing and securing custom internal applications against potential vulnerabilities.
  • Incident Response Expertise: Strong background in incident response planning and execution within OT environments.
  • Regulatory Compliance Knowledge: Familiarity with industry regulations and standards relevant to cyber security in operational technology.
Selection Process
Applications will be screened to assure that minimum qualifications are met. Those applicants who meet minimum qualifications will then be referred to the hiring department for the completion of further selection processes.

The selection process for this position may include a skills/performance demonstration, a written examination, and a panel and/or individual interview.

The successful candidate must have an employment history demonstrating reliability and dependability; provide copies of certificates, diplomas or other documents as required by law, including those establishing his/her right to work in the U.S. Pre-employment processing will also include a background check. (Does not apply to current full-time District employees unless specific job requires additional evaluations).

Application Process
External applicants may only apply online, at www.bart.gov/jobs. Applicants needing assistance with the online application process may receive additional information by calling (510) 464-6112.

Current employees must apply online at www.bart.gov/jobs.

All applicants are asked to complete the application in full, indicating dates of employment, all positions held, hours worked, and a full description of duties. Online applicants are invited to electronically attach a resume to the application form to provide supplemental information but should not consider the resume a substitute for the application form itself.

Applications must be complete by the closing date and time listed on the job announcement.

Examples of Duties

  1. Performs the most complex unified cyber security program work in the District; plans, reviews and approves cyber security project schedules; assists in strategic planning; prepares status reports; coordinates project resources; communicates with all project participants on relevant issues, identifies and resolves cyber security issues.

  2. Establishes schedules and methods for providing cyber security project services; identifies resource needs; reviews needs with appropriate management staff; allocates resources accordingly.

  3. Participates in the development of policies and procedures; monitors work activities to ensure compliance with established policies and procedures; makes recommendations for changes and improvements to existing standards and procedures.

  4. Recommends and assists in the implementation of goals and objectives; implements approved policies and procedures.

  5. Determines user requirements for assigned cyber security systems; determines hardware and software designs necessary to accomplish projects; evaluates resources; makes recommendations on systems hardware and software; coordinates procurement.

  6. Prepares analytical and statistical reports on cyber security operations, activities and projects.

  7. Represents the District in public meetings and hearings on proposed projects.

  8. Provides technical cyber security assistance to management, contractors, and other divisions and departments.

  9. Attends and participates in professional group meetings; stays abreast of new trends and innovations in the field of cyber security.

  10. May supervise, assign, review and participate in the work of staff responsible for cyber security projects including but not limited to firewall configuration, antivirus implementation, Multi-Factor Authentication (MFA), Network Access Control (NAC), Domain Security, Cloud Access Security Brokers (CASB), quality control, integration, and documentation; as assigned, may oversee the work of outside contractors and consultants.

  11. May participate in the selection of District or contracted cyber security staff; provides or coordinates staff training; may work with employees to correct deficiencies; may implement discipline procedures.


Minimum Qualifications

Education:

Bachelor's degree in Computer Science, Information Security or a related field.

Experience:

Four (4) years of (full-time equivalent) verifiable professional experience in an Information Security Operations and/or design role, which must have included one or more of the following: Cyber Intelligence, Cyber Defense, Digital Surveillance, or related experience.

Substitution:

Additional professional experience as outlined above may be substituted for the education on a year-for-year basis.

Other Requirements:

May require overtime for after-hours support on some evenings and weekends.


Knowledge and Skills

Knowledge of:

  • Cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
  • Threat modeling and risk assessment methodologies.
  • Security technologies and tools, including firewalls, intrusion detection/prevention systems (IDPS), and antivirus solutions.
  • Network security protocols and encryption methods.
  • Incident response and disaster recovery planning.
  • Vulnerability assessment and penetration testing techniques.
  • Regulatory compliance requirements (e.g., GDPR, HIPAA, PCI-DSS).
  • Operations, services and activities of a comprehensive cyber security program.
  • Operational characteristics of cyber security systems including connectivity to multiple systems and locations.
  • Network security, operations and methodologies.
  • Control system security hardware and security software capabilities.
  • Contract preparation and administration.
  • Methods and techniques of estimating and scheduling network modifications.
  • Concepts of real-time systems analysis and programming.
  • Terminology, methods, practices, and techniques used in technical report preparation.
  • Modern office procedures, methods, and equipment including computers.
  • Specialized computer programs or systems utilized in project management and design.
  • Related procurement practices, procedures and requirements.
  • Related federal, state and local laws, codes and regulations.
  • Principles of supervision, training and performance evaluation.

Skill in:

  • Designing and implementing robust security architectures for enterprise environments.
  • Leading security assessments, audits, and compliance initiatives.
  • Developing and executing incident response plans and procedures.
  • Analyzing security incidents to identify root causes and remediate vulnerabilities.
  • Collaborating with cross-functional teams to enhance overall security posture.
  • Communicating complex security concepts to technical and non-technical stakeholders.
  • Staying current with emerging threats, vulnerabilities, and security technologies.
  • Performing the most complex cyber security analysis, design and project management duties.
  • Preparing cyber security design criteria, specifications and standards.
  • Performing and reviewing complex calculations.
  • Analyzing complex technical problems, evaluating alternatives and recommending solutions.
  • Interpreting and explaining District policies and procedures.
  • Preparing clear, concise and complete reports.
  • Communicating clearly and concisely, both orally and in writing.
  • Understanding and following oral and written instructions.
  • Establishing and maintaining effective working relationships with those contacted in the course of work.
  • Supervising, organizing and reviewing the work of lower-level staff.






Equal Employment Opportunity

The San Francisco Bay Area Rapid Transit District is an equal opportunity employer. Applicants shall not be discriminated against because of race, color, sex, sexual orientation, gender identity, gender expression, age (40 and above), religion, national origin (including language use restrictions), disability (mental and physical, including HIV and AIDS), ancestry, marital status, military status, veteran status, medical condition (cancer/genetic characteristics and information), or any protected category prohibited by local, state or federal laws.

The BART Human Resources Department will make reasonable efforts in the examination process to accommodate persons with disabilities or for religious reasons. Please advise the Human Resources Department of any special needs in advance of the examination by emailing employment@bart.gov at least 5 days before your examination date.

Qualified veterans may be eligible to obtain additional veteran's credit in the selection process for this recruitment (effective Jan. 1, 2013). To obtain the credit, veterans must attach to the application a DD214 discharge document or proof of disability and complete/submit the Veteran's Preference Application no later than the closing date of the posting. For more information about this credit please go to the Veteran's Preference Policy and Application link at www.bart.gov/jobs.


