

  • 511628
  • Full-time


The Arizona Department of Homeland Security was established in 2006 by the Arizona State Legislature to support the mission of providing strategic direction and access to federal homeland security grant program resources that will further enable the stakeholders' collective goals to prevent, protect, mitigate, respond to and recover from terrorist attacks and other critical hazards that affect the safety, well-being and economic security of Arizona.


Job Location:

1700 West Washington Suite 210

Phoenix, Arizona 85007  

Posting Details:

Annual Salary Range: $80,000 - $89,000

Grade: 24

This position will remain open until filled

Job Summary:

The Senior Information Security Analyst plays an essential role in protecting the confidentiality, integrity and availability of State of Arizona information and systems.

This position ensures that the appropriate security monitoring and analysis controls, standards and procedures are properly configured and utilized, to protect confidential information used by the State from known and unknown internal or external threats.

This position defends the State against attacks which disrupt, destroy, or threaten the delivery of essential services for the State.

These threats include, but are not limited to, identity theft, data loss, data damage, unauthorized access and cyber-attacks.

Job Duties:

• Conducts daily traffic analysis, identifies and characterizes anomalous activity, and performs in-depth system and network forensics to identify and eradicate threats:

T0023: Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
T0166: Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
T0198: Provide daily summary reports of network events and activity relevant to cyber defense practices.
T0214: Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
T0259: Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
T0260: Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
T0293: Identify and analyze anomalies in network traffic using metadata.

• Generates incident reports and investigates suspicious network and system activity:
T0164: Perform cyber defense trend analysis and reporting.
T0290: Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
T0298: Reconstruct a malicious attack or activity based off network traffic.

• Proactively identifies threats to the enterprise and initiates the distribution of enterprise-wide alerts:
T0043: Coordinate with enterprise-wide cyber defense staff to validate network alerts.
T0258: Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
T0310: Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
T0503: Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.

• Monitors software patches and security fixes, and tests and validates modified systems:
T0178: Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
T0292: Recommend computing environment vulnerability corrections.
T0469: Analyze and report organizational security posture trends.
T0470: Analyze and report system security posture trends.

• Processes, documents, and coordinates resolution of cyber incidents with the appropriate teams:
T0332: Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
T0504: Assess and monitor cybersecurity related to system implementation and testing practices.
T0545: Work with stakeholders to resolve computer security incidents and vulnerability compliance.

• Other duties as assigned as related to the position.

Knowledge, Skills & Abilities (KSAs):


• General working knowledge of information security technologies and best practices in the areas of risk assessment, compliance and vulnerability management

• K0001: Knowledge of computer networking concepts and protocols, and network security methodologies

• K0002: Knowledge of risk management processes

• K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy

• K0005: Knowledge of cyber threats and vulnerabilities

• K0006: Knowledge of specific operational impacts of cybersecurity lapses

• K0013: Knowledge of cyber defense and vulnerability assessment tools and their capabilities

• K0019: Knowledge of cryptography and cryptographic key management concepts

• K0042: Knowledge of incident response and handling methodologies

• K0046: Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions

• K0049: Knowledge of information technology (IT) security principles and methods

• K0058: Knowledge of network traffic analysis methods

• K0059: Knowledge of new and emerging information technology (IT) and cybersecurity technologies

• K0070: Knowledge of system and application security threats and vulnerabilities

• K0106: Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities

• K0107: Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations

• K0110: Knowledge of adversarial tactics, techniques, and procedures

• K0111: Knowledge of network tools

• K0112: Knowledge of defense-in-depth principles and network security architecture

• K0161: Knowledge of different classes of attacks

• K0162: Knowledge of cyber attackers

• K0301: Knowledge of packet-level analysis using appropriate tools

• K0324: Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications

• K0342: Knowledge of penetration testing principles, tools, and techniques

• K0177: Knowledge of cyber attack stages


• Excellent interpersonal, written and oral communication skills

• Ability to work collaboratively in teams and across organizations

• Ability to balance workload, prioritize, and handle multiple tasks

• Ability to develop and write technical documentation

• Ability to perform general security/audit functions


• Responds promptly to customer needs; takes a customer-centric approach to problem solving; solicits customer feedback to improve service; responds to requests for service and assistance; meets commitments

• Focuses on solving conflict; maintains confidentiality; listens to others without interrupting; keeps emotions under control; remains open to others' ideas and tries new things

• Prioritizes and plans work activities; sets goals and objectives; uses time efficiently; communicates activities and results as appropriate

• A0010: Ability to analyze malware

• A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems

• A0066: Ability to accurately and completely source all data used in intelligence, assessment and/or planning products

• A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

• A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies

• A0159: Ability to interpret the information collected by network tools

Selective Preference(s):

• Bachelor’s degree plus 3 or more years of experience in Information Security Analysis (or equivalent experience)

• Experience working within an Information Security Operations Center

• Security+ Certification

Pre-Employment Requirements:

• Required to drive on State business; must possess a valid Arizona driver's license


The State of Arizona offers a comprehensive benefits package to include:

• Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance

• Life insurance and long-term disability insurance

• Vacation with 10 paid holidays per year

• Health and dental insurance

• Retirement plan

• Sick leave

For a complete list of benefits provided by the State of Arizona, please visit our benefits page.


• Positions in this classification participate in the Arizona State Retirement System (ASRS)

• Please note that enrollment eligibility will become effective after 27 weeks of employment

Contact Us:

• If you have any questions, please feel free to contact Ariel Gonzalez at agonzalez@az.gov for assistance


All Arizona state employees operate within the Arizona Management System (AMS), an intentional, results-driven approach for doing the work of state government whereby every employee reflects on performance, reduces waste, and commits to continuous improvement with sustainable progress. Through AMS, every state employee seeks to understand customer needs, identify problems, improve processes, and measure results. State employees are highly engaged, collaborative and embrace a culture of public service.

The State of Arizona is an Equal Employment Opportunity Employer.