Job description

Posting Close Date: Applicants must submit their completed application by 11-03-2025 at 11:59 p.m. MST Application and Special Instructions As part of the online application process, all applicants are required to submit both an updated resume and cover letter at the time of application. Resumes and cover letters received after the application closing date will not be considered. Applications received that do not contain a resume and a cover letter with responses to the required questions listed below will be considered incomplete and will not be considered further in this recruitment process. In your cover letter, please ensure to include responses to the following: 1. Describe a time you engineered or significantly enhanced detections in a SIEM (e.g., Splunk, Falcon LogScale) to align with an evolving threat landscape. Explain how you identified the detection gap, designed the rule or correlation logic, and validated its performance. Include any data sources, frameworks (e.g., MITRE ATT&CK), or tuning techniques involved. 2. Walk us through a situation where you applied a security framework (e.g., CIS Benchmarks, NIST CSF, or Zero Trust principles) to harden a complex environment such as hybrid cloud, OT/ICS, or segmented networks. What constraints did you face (e.g., uptime, vendor lock-in, legacy systems), and how did you measure control effectiveness? 3. Detail an automation you developed or integrated to enhance security operations (e.g., threat detection, incident response, or vulnerability management). Describe the full workflow—including logic, language/tooling, triggers, and outcome—and how it improved scalability or reduced analyst workload. The City of Tucson does not provide VISA sponsorship. Candidates must be legally authorized to work in the United States at the time of application and throughout the duration of employment. Relocation expenses will not be provided for this position. Candidates are responsible for all costs associated with relocating to the Tucson area, if applicable. This position is on-site. Remote or hybrid work options are not available at this time, as regular in-person collaboration and presence are essential to support departmental operations and team needs. **Save the date: Interviews will be conducted virtually on November 13th, 2025 and November 14th, 2025 (if needed). Recruiter contact information: If you have any questions, please contact Liliana Almeraz at (520 )837-4303 or Liliana.Almeraz@tucsonaz.gov. ABOUT THIS JOB The Cybersecurity Administrator position at the City of Tucson’s Information Technology Department is responsible for implementing, and optimizing cybersecurity solutions to protect the City’s infrastructure- including cyber-physical systems and operational environments. This role supports strategic initiatives by deploying and tuning tools and developing automation to enhance detection and response. Worked is performed under the supervision of the Information Technology Manager. This position does not supervise. Implements cybersecurity solutions that protect enterprise Information Technology (IT) and Operational Technology (OT) environments, including Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS). Implements and maintains tools such as Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), vulnerability management platforms, email security, and cloud-native solutions. Collaborates with cross-functional teams to embed security into technology projects and deployments. Supports cloud migrations by reviewing architecture and offering secure configuration guidance. Develops threat detection capabilities by creating custom correlation rules, dashboards, and alerts. Optimizes incident response by identifying patterns and gaps. Automates security workflows to streamline operations and reduce response times. Conducts technical investigations using log correlation, forensic analysis, and root cause identification. Responds to cybersecurity incidents in real time. Coordinates remediation efforts with IT and operations teams to restore services and prevent recurrence. Monitors systems continuously using security tools and telemetry data. Identifies misconfigurations, vulnerabilities, and signs of malicious activity. Prioritizes risks based on severity and impact. Recommends remediation actions using current threat intelligence. Provides education and technical advice for securing systems and field devices, including servers, workstations, mobile devices, and OT assets. Aligns system settings with Center for Internet Security (CIS) Benchmarks, National Institute of Standards and Technology (NIST) guidelines, and City policy. Implements technical controls based on Zero Trust architecture and the NIST Cybersecurity Framework (CSF). Maintains secure access, data protection, segmentation, and endpoint visibility to enhance resilience and meet regulatory requirements. Develops security documentation such as configuration guides, standard procedures, and internal knowledge base articles. Maintains documentation to support consistent operations, training, and audit readiness. Performs all other duties and tasks as assigned. All duties and responsibilities listed are subject to change. MINIMUM QUALIFICATIONS Education: Bachelor’s Degree Experience: Three (3) years of directly related experience Any combination of relevant education and experience may be substituted on a year-for-year basis. Preferred Qualifications: Degree in Cybersecurity, Information Technology, Computer Science, or a related field. GIAC certifications, such as: GCIH – GIAC Certified Incident Handler GSEC – GIAC Security Essentials Certification GSTRT – GIAC Security Threat Intelligence (ISC)² certifications, such as: CISSP – Certified Information Systems Security Professional SSCP – Systems Security Certified Practitioner CompTIA certifications, such as: Security+ CySA+ – Cybersecurity Analyst Equivalent certifications from other recognized industry organizations Experience in Endpoint detection and response (EDR) platforms such as CrowdStrike Falcon, Carbon Black, and Microsoft Defender XDR, including investigation and response workflows. SIEM administration and detection engineering using tools such as Splunk and Falcon LogScale, including use of regex, dashboard development, and alert tuning. Security automation and scripting, including PowerShell, Python, Bash, and regex, for threat detection, remediation workflows, and data parsing. Network and forensic analysis tools, such as Wireshark, NetScout, and capabilities in network, memory, and endpoint forensics. Cloud administration and security across platforms such as Google Cloud Platform (GCP), Google Workspace, and Azure, including IAM integration and security control implementation. Firewall administration (e.g., Palo Alto), Cisco CLI, and virtualization technologies. Various operating systems including Windows Server 2016/2019, Windows 7–11, macOS, and Linux distributions using CIS benchmarks and secure baselines. Email and threat protection systems such as Proofpoint TAP/TRAP and cloud-native defense Collaboration, problem-solving, and continuous learning mindset with ability to work across teams and adapt to evolving threats. If you possess any of the preferred qualifications listed above, and wish to receive consideration for the experience the information must be verifiable in your resume and cover letter. POSITION DETAILS Job Profile J0771 - Security Administrator To view the full job profile including classification specifications and physical demands click https://www.tucsonaz.gov/Departments/Human-Resources/Tucson-Talent. Compensation Grade G110 Hourly Range $35.37 - 53.05 USD The City of Tucson considers several factors when extending an offer, including but not limited to, the role and associated responsibilities, a candidate's work experience, education/training, key skills, and internal equity. FLSA Exempt Position Type Regular Time Type Full time Department Information Technology Department Link No Website Background Check: This position has been designated to require a criminal background check. The City of Tucson is a Second Chance Employer. ABOUT US Benefits: The City of Tucson offers a generous benefits package for benefit-eligible positions. The comprehensive, flexible, and affordable coverage is designed to optimize health and well-being, security and future, and peace of mind. Benefits begin with medical, dental, vision, life, disability, and FSA coverage, surpassing your standard 401(k) program by offering a rich pension plan plus optional Roth and pretax deferred compensation savings. With your well-being in mind, our paid time off program provides new hires with 38 paid days off in the first year of employment, with time off increasing steadily in subsequent years. We offer twelve weeks of paid parental leave, paid tuition reimbursement, student loan repayment, off- and on-the-job training, and opportunities to forge connections with peers and the community through employee resource groups and paid volunteer hours. You can learn more about our benefits at https://www.tucsonaz.gov/Departments/Human-Resources/Employee-Benefit-Snapshot. Citizenship: The City of Tucson employs only U.S. Citizens and lawfully authorized non-U.S. Citizens. All new employees must show employment eligibility verification as required by the U.S. Citizenship and Immigration Status. The City of Tucson does not offer visa sponsorship. City of Tucson is an Equal Opportunity/Affirmative Action/Veterans/Disability Employer and does not discriminate based on race, color, religion, sex (including sexual orientation, gender identity, and pregnancy), national origin, veteran status, age, disability, genetic testing, or any other protected status. If you believe you have been a victim of discrimination, you may file a complaint with the City of Tucson's Office of Equal Opportunity Programs, U.S. Equal Employment Opportunity Commission (EEOC) or Arizona Attorney General's Office of the Civil Rights Division (ACRD). Click for more information from ACRD about employment discrimination and how to file a complaint with ACRD The City of Tucson is committed to providing access and reasonable accommodation for individuals with disabilities or who require religious accommodation; please contact Human Resources at EmployeeLeaves@tucsonaz.gov or 520-791-2619. Recruiter Name Liliana Almeraz (99363) Recruiter Email ccs_hr@tucsonaz.gov For Human Resources general questions please contact 520-791-4241. City Organization The City of Tucson, founded in 1775 and incorporated in 1877, is a City Manager-led Mayor and Council government organization comprised of over 5,000 dedicated employees. Tucson Community The City of Tucson is recognized as a Top 20 “Best City in America” by Resonance Consultancy. Tucson, Arizona, is a thriving center for bioscience, aerospace/defense, optics, mining, and logistics. With a city population of more than 540,000 and a regional population of more than 1 million, Tucson has 330-plus days of sunshine a year and is surrounded by majestic mountain ranges. A small-town feel with big-city amenities complements its natural beauty. You can learn more about Tucson, Arizona, at Visit Tucson, Arizona. For system related questions please contact recruitment@tucsonaz.gov. For general Human Resources questions please contact 520-791-4241.

Requirements