SENIOR SOC ANALYST

  • 537107
  • PHOENIX
  • REMOTE OPTIONS
  • DEPT OF HOMELAND SECURITY
  • Full-time
  • Closing at: Nov 28 2025 - 23:55 MST

ARIZONA DEPARTMENT OF HOMELAND SECURITY

The Arizona Department of Homeland Security was established in 2006 by the Arizona State Legislature to support the mission of providing strategic direction and access to federal homeland security grant program resources that will further enable the stakeholders' collective goals to prevent, protect, mitigate, respond to and recover from terrorist attacks and other critical hazards that affect the safety, well-being and economic security of Arizona.

SENIOR SOC ANALYST

*This is a hybrid position with a combination of in-office & telecommuting*

Job Location:

16232 North 28th Avenue

Phoenix, Arizona 85053

Posting Details:

Annual Salary Range: $75,000 - $95,000 Depending on Experience

Grade: 24

This position will close Friday, November 28, 2025

Job Summary:

This position plays an essential role in protecting the confidentiality, integrity and availability of State of Arizona information and systems. This position ensures that the appropriate security monitoring and analysis controls, standards and procedures are properly configured and utilized, to protect confidential information used by the State from known and unknown internal or external threats.

These threats include, but are not limited to, identity theft, data loss, data damage, unauthorized access and cyber-attacks. This position defends the State against attacks which disrupt, destroy, or threaten the delivery of essential services for the State.

Job Duties:

• Conducts daily traffic analysis, identifies and characterizes anomalous activity

• Performs in-depth system and network forensics to identify and eradicate threats

• T0023: Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources

• Generates incident reports, investigates suspicious network and system activity

• T0164: Perform cyber defense trend analysis and reporting

• T0290: Determine tactics, techniques, and procedures (TTPs) for intrusion sets

• T0298: Reconstruct a malicious attack or activity based off network traffic

• Proactively identifies threats to the enterprise, initiates the distribution of enterprise-wide alerts

• T0043: Coordinate with enterprise-wide cyber defense staff to validate network alerts

• T0258: Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities

• Monitors software patches, security fixes, and tests and validates modified systems

• T0178: Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy

• T0292: Recommend computing environment vulnerability corrections

• Processes, documents, and coordinates resolution of cyber incidents with appropriate teams

• T0332: Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan

• Other duties as assigned as related to the position

Knowledge, Skills & Abilities (KSAs):

Knowledge:

• General working knowledge of information security technologies and best practices in the areas of risk assessment, compliance and vulnerability management

• K0001: Knowledge of computer networking concepts and protocols, and network security methodologies

• K0002: Knowledge of risk management processes

• K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy

• K0005: Knowledge of cyber threats and vulnerabilities

• K0006: Knowledge of specific operational impacts of cybersecurity lapses

• K0013: Knowledge of cyber defense and vulnerability assessment tools and their capabilities

• K0019: Knowledge of cryptography and cryptographic key management concepts

• K0042: Knowledge of incident response and handling methodologies

• K0046: Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions

• K0049: Knowledge of information technology (IT) security principles and methods

• K0058: Knowledge of network traffic analysis methods

• K0059: Knowledge of new and emerging information technology (IT) and cybersecurity technologies

• K0070: Knowledge of system and application security threats and vulnerabilities

• K0106: Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities

• K0107: Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations

• K0110: Knowledge of adversarial tactics, techniques, and procedures

• K0111: Knowledge of network tools

• K0112: Knowledge of defense-in-depth principles and network security architecture

• K0161: Knowledge of different classes of attack

• K0162: Knowledge of cyber attackers

• K0301: Knowledge of packet-level analysis using appropriate tools

• K0324: Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications

• K0342: Knowledge of penetration testing principles, tools, and techniques

• K0177: Knowledge of cyber attack stages

Skills:

• Excellent interpersonal, written and oral communication skills

• Skills in working collaboratively in teams and across organizations

• Work balance, prioritizing and multitasking skills

• Skills in developing and writing technical documentation

• Skills in performing general security/audit functions

• Troubleshooting and investigation skills

• Strong customer service skills

Ability:

• Responds promptly to customer needs; takes a customer-centric approach to problem solving; solicits customer feedback to improve service; responds to requests for service and assistance; meets commitments 

• Prioritizes and plans work activities; sets goals and objectives; uses time efficiently; communicates activities and results as appropriate

• Focuses on solving conflict; maintains confidentiality; listens to others without interrupting; keeps emotions under control; remains open to others' ideas and tries new things

• A0010: Ability to analyze malware

• A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems

• A0066: Ability to accurately and completely source all data used in intelligence, assessment and/or planning products

• A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

• A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies

• A0159: Ability to interpret the information collected by network tools

Selective Preference(s):

• Bachelor’s degree plus 3 or more years of experience in Information Security Analysis (or equivalent experience)

• Experience working within an Information Security Operations Center

• Security+ Certification

Pre-Employment Requirements:

• Employees who drive on state business are subject to driver license record checks, required to maintain acceptable driving records and complete any required driver training (see Arizona Administrative Code R2-10-207.11)

• Requires possession of and ability to retain a current, valid state-issued driver license appropriate to the assignment

• Proof of U.S. Citizenship Required

If this position requires driving or the use of a vehicle as an essential function of the job to conduct State business, then the following requirements apply: Driver’s License Requirements.

Benefits:

The State of Arizona offers a comprehensive benefits package to include:

• Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance

• Life insurance and long-term disability insurance

• Vacation with 10 paid holidays per year

• Health and dental insurance

• Retirement plan

• Sick leave

Learn more about the Paid Parental Leave pilot program here. For a complete list of benefits provided by the State of Arizona, please visit our benefits page.

Retirement:

• Positions in this classification participate in the Arizona State Retirement System (ASRS)

• Please note, enrollment eligibility will become effective after 27 weeks of employment

Contact Us:

• If you have any questions, please feel free to contact Alexis Pagel at apagel@azdohs.gov for assistance

ARIZONA MANAGEMENT SYSTEM (AMS)

All Arizona state employees operate within the Arizona Management System (AMS), an intentional, results-driven approach for doing the work of state government whereby every employee reflects on performance, reduces waste, and commits to continuous improvement with sustainable progress. Through AMS, every state employee seeks to understand customer needs, identify problems, improve processes, and measure results. State employees are highly engaged, collaborative and embrace a culture of public service.

The State of Arizona is an Equal Opportunity/Reasonable Accommodation Employer.
