ARIZONA DEPARTMENT OF HOMELAND SECURITY
The Arizona Department of Homeland Security was established in 2006 by the Arizona State Legislature to support the mission of providing strategic direction and access to federal homeland security grant program resources that will further enable the stakeholders' collective goals to prevent, protect, mitigate, respond to, and recover from terrorist attacks and other critical hazards that affect the safety, well-being, and economic security of Arizona.
| Job Summary: |
This position plays an essential role in protecting the confidentiality, integrity, and availability of State of Arizona information and systems. This position ensures that the appropriate security monitoring and analysis controls, standards, and procedures are properly configured and utilized to protect confidential information used by the State from known and unknown internal or external threats.
These threats include, but are not limited to, identity theft, data loss, data damage, unauthorized access, and cyber-attacks. This position defends the State against attacks which disrupt, destroy, or threaten the delivery of essential services for the State.
| Job Duties: |
Conducts daily traffic analysis, identifies and characterizes anomalous activity
Performs in-depth system and network forensics to identify and eradicate threats
T0023: Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
Generates incident reports, investigates suspicious network and system activity
T0164: Perform cyber defense trend analysis and reporting
T0290: Determine tactics, techniques, and procedures (TTPs) for intrusion sets
T0298: Reconstruct a malicious attack or activity based off network traffic
Proactively identifies threats to the enterprise, initiates the distribution of enterprise-wide alerts
T0043: Coordinate with enterprise-wide cyber defense staff to validate network alerts
T0258: Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
Monitors software patches, security fixes, and tests and validates modified systems
T0178: Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
T0292: Recommend computing environment vulnerability corrections
Processes, documents, and coordinates resolution of cyber incidents with appropriate teams
T0332: Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan
Other duties as assigned as related to the position
| Knowledge, Skills & Abilities (KSAs): |
Knowledge:
General working knowledge of information security technologies and best practices in the areas of risk assessment, compliance, and vulnerability management
K0001: Knowledge of computer networking concepts and protocols and network security methodologies
K0002: Knowledge of risk management processes
K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
K0005: Knowledge of cyber threats and vulnerabilities
K0006: Knowledge of specific operational impacts of cybersecurity lapses
K0013: Knowledge of cyber defense and vulnerability assessment tools and their capabilities
K0019: Knowledge of cryptography and cryptographic key management concepts
K0042: Knowledge of incident response and handling methodologies
K0046: Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
K0049: Knowledge of information technology (IT) security principles and methods
K0058: Knowledge of network traffic analysis methods
K0059: Knowledge of new and emerging information technology (IT) and cybersecurity technologies
K0070: Knowledge of system and application security threats and vulnerabilities
K0106: Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities
K0107: Knowledge of Insider Threat investigations, reporting, investigative tools, and laws/regulations
K0110: Knowledge of adversarial tactics, techniques, and procedures
K0111: Knowledge of network tools
K0112: Knowledge of defense-in-depth principles and network security architecture
K0161: Knowledge of different classes of attack
K0162: Knowledge of cyber attackers
K0301: Knowledge of packet-level analysis using appropriate tools
K0324: Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications
K0342: Knowledge of penetration testing principles, tools, and techniques
K0177: Knowledge of cyber attack stages
Skills:
Excellent interpersonal, written, and oral communication skills
Skills in working collaboratively in teams and across organizations
Work balance, prioritizing, and multitasking skills
Skills in developing and writing technical documentation
Skills in performing general security/audit functions
Troubleshooting and investigation skills
Strong customer service skills
Ability:
Responds promptly to customer needs; takes a customer-centric approach to problem solving; solicits customer feedback to improve service; responds to requests for service and assistance; meets commitments
Prioritizes and plans work activities; sets goals and objectives; uses time efficiently; communicates activities and results as appropriate
Focuses on solving conflict; maintains confidentiality; listens to others without interrupting; keeps emotions under control; remains open to others' ideas and tries new things
A0010: Ability to analyze malware
A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
A0066: Ability to accurately and completely source all data used in intelligence assessment and/or planning products
A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
A0159: Ability to interpret the information collected by network tools
| Selective Preference(s): |
Bachelor's degree plus 3 or more years of experience in Information Security Analysis (or equivalent experience)
Experience working within an Information Security Operations Center
Security Certification
| Pre-Employment Requirements: |
Employees who drive on state business are subject to driver license record checks, required to maintain acceptable driving records, and complete any required driver training (see Arizona Administrative Code R.11)
Requires possession of and ability to retain a current valid state-issued driver license appropriate to the assignment
Proof of U.S. Citizenship Required
If this position requires driving or the use of a vehicle as an essential function of the job to conduct State business, then the following requirements apply: Driver's License Requirements.
| Benefits: |
The State of Arizona offers a comprehensive benefits package to include:
Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance
Life insurance and long-term disability insurance
Vacation with 10 paid holidays per year
Health and dental insurance
Retirement plan
Sick leave
Learn more about the Paid Parental Leave pilot program here. For a complete list of benefits provided by The State of Arizona, please visit our benefits page.
| Retirement: |
Positions in this classification participate in the Arizona State Retirement System (ASRS)
Please note, enrollment eligibility will become effective after 27 weeks of employment
| Contact Us: |
If you have any questions, please feel free to contact Alexis Pagel at for assistance
Required Experience:
Senior IC
The Arizona Department of Revenue is consistently striving towards recruiting individuals who are committed to providing quality services to the citizens of Arizona and are passionate about creating solutions to the ever-evolving decisions faced within state government.