Cyber Threat Analyst II (PHOENIX, AZ, US, 85004-3903)

Remote Full-time
Our present and future success depends on the creative and dedicated people of our company who demonstrate the principles outlined in the APS Promise: Design for Tomorrow, Empower Each Other and Succeed Together.
Summary

We are looking for a Cyber Threat Analyst II. This role is responsible for protecting the confidentiality, availability, and integrity of company data and ensuring the reliability of the Bulk Electric System by detecting, responding to, and containing cyber security threats. The Cyber Threat Analyst II helps safeguard the technology that keeps energy flowing to Arizona communities.

What your day would be like
• Monitor security activity, follow established procedures, and respond to potential cyber threats.
• Escalate alerts to senior analysts to support coordinated incident response.
• Maintain run‑books, documentation, and procedures to keep information accurate and current.
• Review system logs and threat intelligence to identify indicators of compromise.
• Report vulnerabilities and contribute suggestions for improving protections.
• Participate in training, exercises, and lab research to strengthen tools and processes.
• Support data collection for reporting, metrics, and compliance activities.

Who we’re looking for
• Foundational knowledge of cyber security principles and system monitoring.
• Strong analytical thinking, curiosity, and problem‑solving skills.
• Clear communication and a collaborative approach to working with partners.
• A growth mindset and commitment to continual learning.
• Alignment with the APS Promise—designing for tomorrow, empowering others, and succeeding together.

Minimum Requirements
• Bachelor's degree in Information Technology or related field and two (2) years of prior relevant experience or equivalent combination of education and directly related experience.

Preferred Special Skills, Knowledge or Qualifications:
• Demonstrated knowledge of enterprise networks, security architectures, and defensive strategies including security log configuration and monitoring; analysis of TCP/UDP traffic such as Netflow, DNS, and packet captures (PCAP); firewall, IDS, and proxy technologies; anti-malware prevention; analysis of current threats, vulnerabilities, and attack trends.
• Proficiency in Windows and Linux system administration, database technologies, network security, and digital forensic & incident response (DFIR) investigation techniques and tools.
• Experience deploying and configuring Security Information and Event Management (SIEM) technology such as Splunk, Kibana, McAfee Nitro, IBM QRadar, LogRhythm, or comparable.
• Experience deploying and configuring Endpoint Detection and Response (EDR) technology such as Carbon Black, CrowdStrike, FireEye, Cybereason, or comparable.
• Familiarity with endpoint telemetry technology such as Sysmon, OSSEC, and osquery.
• Familiarity with cyber security operations within cloud environments such as Microsoft Azure or Amazon AWS.
• Skill in cyber security research, planning and implementation of technology and techniques to protect Company networks and data; familiarity with PowerShell and Python scripting languages to assist in automating routine tasks and enrichment of threat intelligence data.
• Basic knowledge of electrical industrial control systems (ICS) and related ICS/SCADA communication protocols is desired.
• Preferred Certifications: COMPTIA (Security+, CySA+); EC-COUNCIL (CND, CEH, ECSA); SANS/GIAC (GSEC, GCIH, GPPA, GISF, GISP); CISCO (CCNA CyberOps).

Major Accountabilities

1) Executes security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, and web-based systems.

2) Handles escalated alerts and/or successful compromises to support incident response investigations.

3) Assists in remediating cyber security incidents as assigned.

4) Identifies and corrects detected information system vulnerabilities.

5) Participates in cyber security incident response trainings and exercises.

6) Provides information to management regarding the negative impact on the business caused by data theft, destruction, alteration or denial of service to information and systems.

7) Assists leaders in processing and disseminating information from threat intelligence sources.

8) Supports system processes to help identify and select cyber security tools and platforms.

9) Assists in documenting exception reports, audit/review reports, technical/process recommendations, reporting of security statistics/metrics, technical standards, procedures, and guidelines.

10) Develops and delivers trainings to support managed security service provider (MSSP) contractors.

11) May help train and assist entry level employees.

Key Level Differentiators:

- Works to achieve operational targets which have some impact on the overall achievement of results for the department.

- Works to achieve operational targets within Cyber Security area with direct impact on department results.

- Work is of limited scope, typically on smaller, less complex projects/ assignments.

- Analyzes standard to moderately complex technical problems and solves them using judgment and prior experience.

- Under limited supervision, implements or supports projects/assignments.

- Conducts research and analysis to solve moderately complex cyber security attacks and related problems.

- Decision making has limited impact on department.

CIP Requirement:

This position requires Critical Infrastructure Protection (CIP) access consistent with North American Electric Reliability Corporation (NERC) standards. The applicant considered for this role will be required to obtain and maintain CIP access for the duration of employment in this position. A full seven (7) year criminal history will be obtained through the pre-employment background check process (or, for current employees, through supplemental background check process) to fulfill the CIP access requirements. In addition, this position requires an additional background check every seven years to maintain access.

Home based: Home based employees primarily work from their home offices and come into an APS facility on an as-needed basis.
• Employees are expected to reside in Arizona (or New Mexico for Four Corners-based employees).
• Working from a home office requires adequate technology and an appropriate ergonomic set up.
• Role types are subject to change based on business need.
