Cybersecurity Engineer

To apply please visit the San Diego Housing Commission Careers Page

Department: Information Technology

Location: San Diego, CA

Job Type: Full-Time

Work Model: Hybrid (2 days in office per week)

The San Diego Housing Commission (SDHC) is an award-winning public agency that provides housing assistance and homelessness solutions for low-income households. SDHC supports more than 17,000 households annually and helps create and preserve over 23,000 affordable rental units citywide. Technology plays a critical role in ensuring these programs operate efficiently and effectively.

SDHC offers a competitive salary and an exceptional benefits package, including:

• 9/80 compressed work schedule (office closed every other Friday)
• 14 paid holidays
• Employer-paid pension contribution
• Sharp or Kaiser medical plans, dental, vision
• Tuition reimbursement
• Wellness programs and rewards
• Additional benefits as detailed on SDHC’s employee benefits page.

This role directly supports SDHC’s mission to improve housing outcomes for thousands of San Diego residents. You’ll have the opportunity to:

• Make meaningful community impact through technology
• Work with multiple departments on varied, high-visibility projects
• Grow your skills with enterprise systems and modern AI tools
• Develop your career in a collaborative, mission-driven environment.

We’re seeking a Cybersecurity Engineer to enhance and evolve our established security program. In this role, you’ll build on existing security capabilities to ensure we stay ahead of emerging threats while designing, implementing, and maintaining security architectures across our systems, networks, and cloud platforms.

Working closely with IT leadership, system administrators, and application developers, you’ll shape improvements in vulnerability management, threat detection, incident response, automation, and compliance. This is a high-impact, hands-on technical role where your expertise will directly strengthen the resilience and future-readiness of our technology environment.

• Research, Design, implement, and maintain security architectures, systems (firewalls, intrusion detection/prevention systems, endpoint protection, VPNs, encryption, secure access solutions), and tools.
• Develop and deploy network security measures.
• Conduct regular vulnerability assessments, penetration testing, security scans, risk assessments, and monitoring.
• Develop and implement strategies to mitigate identified vulnerabilities and ensure timely patch management.
• Monitor security systems and logs for threats and anomalies, respond to security incidents, and provide forensic investigations.
• Configure, manage, and utilize security tools and technologies, including security and compliance scanners and monitors.
• Automate security processes, workflows, and scanning.
• Analyze threat intelligence reports and adjust security measures accordingly.
• Stay current with emerging threats, vulnerabilities, and attack vectors.
• Ensure compliance with regulatory standards, and guides.
• Develop and maintain security documentation.
• Collaborate closely with System Administrators, Help Desk, and application development teams to ensure organizational compliance across the network infrastructure.
• Maintain incident response and disaster recovery (DR) plans and coordinate annual tests on both
• Provide senior leaders and executives with concise and relevant information to support informed risk management decisions regarding technology and information processing.
• Possess excellent analytical, verbal and written communication skills to accurately document, report, and present findings to a variety of audiences including senior management.
• Excellent interpersonal skills to influence and guide all levels of employees, including senior managers.
• Performs other duties as assigned.

Knowledge of:

• Operational characteristics, services, and activities of iinformation technology.
• Proficiency in network security concepts and protocols.
• Experience with cloud security platforms (AWS, Azure).
• Knowledge of operating systems (Windows, Mac, Linux, Android, Apple) and their security configurations.
• Design, operations, properties, and capabilities of networks and network cabling.
• Familiarity with threat intelligence platforms and tools.
• Experience with incident response and forensic investigations.
• Applicable Federal, State, and local laws, regulatory codes, ordinances, and procedures relevant to assigned area of responsibility.
• Techniques for providing a high level of customer service by effectively dealing with the public, vendors, contractors, and Commission staff.
• Deep understanding of security architectures, systems, and tools (firewalls, IDS/IPS, endpoint protection, VPNs, encryption, SIEM, vulnerability scanners, penetration testing tools, etc.)
• English usage, grammar, spelling, vocabulary, and punctuation.

• Conduct complex research projects on a wide variety of cybersecurity issues, evaluate alternatives, make sound recommendations, and prepare effective technical reports. This includes analyzing threat intelligence, vulnerability assessments, and security incident data.
• Coordinate and plan security-focused projects, including application security enhancements, vulnerability remediation efforts, and security tool deployments.
• Research, develop, and recommend cost-effective technical security system improvements, including new tools, technologies, and processes.
• Prepare clear and concise security documentation, including incident response plans, security procedures, vulnerability reports, and presentations.
• Assist in the development and delivery of security awareness training programs for staff.
• Analyze and troubleshoot security incidents, using logic and expertise to solve problems and contain threats. Participate in forensic investigations as needed.
• Contribute to the establishment and maintenance of a security patching and vulnerability management schedule. Collaborate with the infrastructure team on system patching and updates as needed.
• Interpret, explain, and ensure compliance with relevant cybersecurity policies, procedures, laws, codes, regulations, and industry standards.
• Maintain accurate records of security incidents, vulnerability assessments, and other relevant security data.
• Organize and prioritize a variety of security projects and tasks effectively and meet deadlines.
• Use English effectively to communicate in person, over the telephone, and in writing, including explaining complex technical issues to non-technical audiences.
• Use tact, initiative, prudence, and independent judgment within established policy, procedural, and legal guidelines.
• Establish, maintain, and foster positive working relationships with those contacted in the course of work, including systems administrators, application developers, and other stakeholders.
• Maintain strict confidentiality and adhere to Commission policies, procedures, and administrative regulations.
• Develop, document, and maintain security policies, procedures, and associated training plans.
• Provide support to the infrastructure team for system administration tasks, including software and hardware improvements, upgrades, patches, reconfigurations, backups, and restores, as needed to ensure security coverage. This is a secondary responsibility.
• Represent the Commission as a technical expert on external projects related to cybersecurity.
• Identify security issues, analyze and interpret data, and develop innovative solutions to complex matters. Contribute to the development of new security processes or systems and resolve complex technical problems.
• Serve as a leader on security projects and be a technical expert in one or more cybersecurity areas.

Equivalent to graduation from an accredited four-year college or university with major coursework in Computer Science, Cybersecurity, Information Systems, or a related field.

Physical Demands:

Must possess mobility to work in a standard office setting and use standard office equipment, including a computer; to operate a motor vehicle and to visit various Commission sites; vision to read printed materials and a computer screen; and hearing and speech to communicate in person and over the telephone. This is primarily a sedentary office classification although standing in work areas and walking between work areas may be required. Finger dexterity is needed to access, enter, and retrieve data using a computer keyboard or calculator and to operate standard office equipment. Positions in this classification occasionally bend, stoop, kneel, reach, push, and pull drawers open and closed to retrieve and file information. Employees must possess the ability to lift, carry, push ,and pull materials and objects weighing up to 50 pounds.

Employees work in an office environment with moderate noise levels, controlled temperature conditions, and no direct exposure to hazardous physical substances.  Employees may interact with upset staff and/or public and private representatives in interpreting and enforcing departmental policies and procedures.