Senior Cybersecurity & Fraud Engineer

Job Description and Duties

THIS IS A RE-ADVERTISEMENT, IF YOU PREVIOUSLY APPLIED, YOU DO NOT HAVE TO RE-APPLY.

THIS POSITION MAY BE ELIGIBLE FOR A HYBRID WORK SCHEDULE. THE AMOUNT OF TELEWORK IS AT THE DISCRETION OF THE DEPARTMENT AND IS SUBJECT TO CHANGE AS BUSINESS NEEDS ARISE.

The Employment Development Department (EDD) Information Technology Cybersecurity Division is seeking technical Senior Cybersecurity and Fraud Engineers to support the Cybersecurity Operations and Fraud Group. This senior technical role focuses on advanced cybersecurity engineering to protect enterprise systems and networks, detect fraud, and strengthen EDD's security posture. Responsibilities include designing and implementing cybersecurity architecture across Linux infrastructure and enterprise networks, administering Linux based cybersecurity systems, and deploying enterprise security platforms such as Security Information and Event Management (SIEM) and related monitoring technologies. The role includes implementing security controls and building detection, threat hunting, prevention, and response capabilities to support threat monitoring, fraud detection, and security operations. Additional duties include performing security risk assessments, vulnerability analysis, and technical audits, supporting incident response, cybersecurity investigations, forensic analysis, threat hunting, and developing technical architecture and operational documentation. The position also provides technical leadership and mentoring to engineering staff and serves as a technical lead on cybersecurity and fraud related initiatives. Candidates must demonstrate strong technical expertise in enterprise Linux environments, enterprise network infrastructure, cybersecurity engineering, security operations technologies, and threat detection, along with the ability to guide technical teams and communicate complex technical concepts effectively.

Senior Cybersecurity and Fraud Engineer Responsibilities:

• Architect, design, engineer, deploy, administer, and maintain secure Linux based cybersecurity infrastructure across enterprise networks supporting the Cybersecurity Operations and Fraud Group.
• Engineer and maintain enterprise security telemetry pipelines, including SIEM log source integration and ingestion from critical Linux, Windows, and network systems to ensure enterprise wide security visibility.
• Develop and implement monitoring, alerting, detection engineering, and threat hunting capabilities across Linux systems and enterprise networks.
• Perform advanced security engineering, including encryption implementation, authentication systems, certificate lifecycle management, and access control architecture.
• Conduct ongoing security assessments of Linux infrastructure and enterprise network systems, including system hardening, vulnerability remediation, and patch management.
• Develop automation and scripting solutions to support security operations, infrastructure management, and log ingestion pipelines.
• Collaborate with technical enterprise engineering teams to ensure Linux systems, enterprise networks, and security platforms align with organizational cybersecurity and fraud detection objectives.
• Ensure cybersecurity systems and controls comply with federal, state, and industry cybersecurity and fraud prevention requirements.

This position may be eligible for a hybrid work schedule. The amount of telework is at the discretion of the Department and is subject to change as business needs arise. Employees are required to report to their headquarters office on their assigned in-office days. Travel expenses to and from the assigned headquarters are the responsibility of the employee.

Position is located at EDD's new headquarters office at 1416 9th Street, Sacramento, California.

Benefits of working at this location include:

• Close to major freeways, light rail, and transit stops
• Enclosed bicycle parking
• Close to downtown shopping and restaurants
• Close to the Golden 1 Center and Sutter Health Park

Effective July 1, 2025, specific Bargaining Units and associated Excluded State employees are subject to a salary reduction between 2% - 4.62% in exchange for hours in the Personal Leave Program 2025 (PLP 2025) per month. For more details, please click  here to visit the California Department of Human Resources (CalHR) website.

You will find additional information about the job in the .

Working Conditions

Visa Sponsorship
This position is not eligible for visa sponsorship. Applicants must be authorized to work in the US without the need for visa sponsorship by the start date of employment.

This position is headquartered at the New Labor Agency Building (NLAB), a newly remodeled high-rise building. Located in the heart of Downtown Sacramento and in close proximity of the State Capitol and the Golden1 Center, this beautiful and modern building provides the following amenities: Break areas, wellness/lactation rooms, coffee points, a fitness center with private showers, a Career Center for EDD Employees, a micro market, building-wide WiFi, an outdoor terrace, bike storage, nearby public transit options, and much more.

Apply today for the opportunity to work in this state-of-the-art building!

Typical Office Environment

Special Requirements

It is strongly encouraged to apply through your CalCareer Account at .

Please only submit ONE application.  Electronic applications submitted through your CalCareer Account are highly recommended and will be received/processed faster than other methods of filing.

If you are unable to apply electronically through your CalCareer account, please mail a completed and signed State Examination/Employment Application STD Form 678 and application package to the mailing address provided in the “Application Instructions’ section below and ensure the following:

• Clearly indicate the Job Code #, Position Number and the Classification Title of this position in the “Examination or Job Title(s) For Which You Are Applying” section located on Page 3 of your State Examination/Employment STD Form 678.
• Clearly indicate the basis of your eligibility (list, transfer, reinstatement, etc.) in the “Explanations” section located on Page 3 of your State Examination/Employment Application STD Form 678.
• Remove and do not submit the “Equal Employment Opportunity” questionnaire (Page 10) with your completed State Examination/Employment Application STD Form 678.  This page is for examination use only.
• Do not include your full Social Security Number on your documents and/or do not provide any LEAP information.

Examination/Assessment

To apply for this position, you must obtain list eligibility by taking and passing the examination. If you already have list eligibility for this classification, you do not need to retake the examination unless your list eligibility has expired.

Click the examination link below for more information and to take the exam:

Information Technology Specialist II Bulletin

For more information about the State hiring process,  click here . To watch tutorials on how to apply for a State job,  click here .

Desirable Qualifications

In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:

• Strong technical experience administering and securing enterprise Linux and Windows Server environments, with emphasis on Linux based cybersecurity systems
• Strong technical knowledge of enterprise network architecture and security technologies, including firewalls, proxies, authentication systems, and secure network protocols
• Experience deploying and administering Security Information and Event Management (SIEM) or enterprise logging platforms, including developing technical queries, dashboards, alerts, and reports
• Experience designing or operating distributed event streaming or message queue pipelines to ingest, buffer, and stream high volume security audit logs into cloud based analytics, monitoring, or SIEM platforms
• Experience supporting complex enterprise cybersecurity or infrastructure engineering projects, including systems operating in Linux based enterprise environments
• Strong technical experience with enterprise IT infrastructure, including Linux servers, virtualization platforms, enterprise networks, and cloud environments (SaaS, PaaS, or IaaS)
• Experience implementing and operating technical security platforms on Linux systems, such as EDR/XDR, IDS/IPS, vulnerability management, or enterprise monitoring solutions
• Experience performing technical incident response, threat hunting, cybersecurity investigations, or forensic analysis, including analysis of Linux system and network telemetry
• Experience implementing technical security controls aligned with recognized frameworks such as NIST Cybersecurity Framework, NIST 800-53, or CIS Critical Security Controls
• Experience developing automation, scripting, or coding solutions in Linux environments to support infrastructure management and security operations
• Experience producing technical documentation, including architecture diagrams, system designs, and operational procedures
• Strong analytical ability to analyze complex Linux systems, enterprise networks, and security events and develop effective technical solutions
• Ability to work independently and collaboratively in technical engineering environments and communicate complex technical concepts clearly
• Bachelor's or Master's degree in Cybersecurity, Computer Science, Computer Engineering, Software Engineering, Information Security, Information Systems, Digital Forensics, Network Engineering, Systems Engineering, or Data Science, or equivalent technical experience
• Relevant technical or cybersecurity certifications, particularly those related to Linux systems, enterprise networking, cloud platforms, cybersecurity engineering, threat detection, or security operations

Benefits

Benefit information can be found on the CalHR website,  , and the CalPERS website,  .

Statement of Qualifications Requirements

A Statement of Qualifications (SOQ) is Required.  The SOQ will be considered the first phase of the hiring process for this position. If your qualifications are competitive, you may be invited to an interview. The SOQ should be typed and not more than one page in length for each question, not less than 12 point font, single-spaced, with margins not less than one inch, including your first and last name at the top of the page.

Please restate the questions with your response.

We ask that you not use Artificial Intelligence assistance when composing your written response. Written responses are an attempt to assess and gain an understanding of your personal writing and communication skills and abilities.”

1. Describe a recent enterprise cybersecurity engineering project where you designed, implemented, or administered Linux based cybersecurity systems and enterprise network security controls. Identify the environment, Linux platforms, network technologies, and security tools involved. Explain the security controls implemented, key technical decisions made, and the measurable security outcomes. Clearly describe your personal engineering responsibilities.
2. Describe your experience administering and securing enterprise Linux systems used for cybersecurity operations. Include specific examples of system hardening, configuration or patch management, logging and telemetry collection, and cybersecurity tools deployed on Linux. Explain the technical configurations implemented and how they improved system security or visibility.
3. Describe a cybersecurity incident response or threat hunting investigation you personally worked on in an enterprise environment. Identify the security platforms used, system or network telemetry analyzed, investigation steps performed, and detections or controls developed. Explain your technical role and the outcome of the investigation.

Résumés and/or cover letters DO NOT take the place of the SOQ. Applications received without a SOQ or SOQs that do not include a response to the statement above may not receive further consideration and may be excluded from the hiring process.

Required Application Package Documents

The following items are required to be submitted with your application. Applicants who do not submit the required items timely may not be considered for this job:

• Current version of the State Examination/Employment Application STD Form 678 (when not applying electronically), or the Electronic State Employment Application through your Applicant Account at All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification should be included to demonstrate how you meet the Minimum Qualifications for the position.
• Resume is required and must be included.
• School Transcripts
• Statement of Qualifications -
  A Statement of Qualifications (SOQ) is Required.  Please see “Statement of Qualifications Requirements” section for more information about the SOQ.