Cyber Threat Analyst II
Listed on 2026-02-21
IT/Tech
Cybersecurity
Our present and future success depends on the creative and dedicated people of our company who demonstrate the principles outlined in the APS Promise:
Design for Tomorrow, Empower Each Other and Succeed Together.
We are looking for a Cyber Threat Analyst II. This role is responsible for protecting the confidentiality, availability, and integrity of company data and ensuring the reliability of the Bulk Electric System by detecting, responding to, and containing cyber security threats. The Cyber Threat Analyst II helps safeguard the technology that keeps energy flowing to Arizona communities.
What your day would be like:
- Monitor security activity, follow established procedures, and respond to potential cyber threats.
- Escalate alerts to senior analysts to support coordinated incident response.
- Maintain run‑books, documentation, and procedures to keep information accurate and current.
- Review system logs and threat intelligence to identify indicators of compromise.
- Report vulnerabilities and contribute suggestions for improving protections.
- Participate in training, exercises, and lab research to strengthen tools and processes.
- Support data collection for reporting, metrics, and compliance activities.
- Foundational knowledge of cyber security principles and system monitoring.
- Strong analytical thinking, curiosity, and problem‑solving skills.
- Clear communication and a collaborative approach to working with partners.
- A growth mindset and commitment to continual learning.
- Alignment with the APS Promise—designing for tomorrow, empowering others, and succeeding together.
- Bachelor's degree in Information Technology or related field and two (2) years of prior relevant experience or equivalent combination of education and directly related experience.
- Demonstrated knowledge of enterprise networks, security architectures, and defensive strategies, including security log configuration and monitoring; analysis of TCP/UDP traffic such as NetFlow, DNS, and packet captures (PCAP); firewall, IDS, and proxy technologies; anti-malware prevention; and analysis of current threats, vulnerabilities, and attack trends.
- Proficiency in Windows and Linux system administration, database technologies, network security, and digital forensic & incident response (DFIR) investigation techniques and tools.
- Experience deploying and configuring Security Information and Event Management (SIEM) technology such as Splunk, Kibana, McAfee Nitro, IBM QRadar, LogRhythm, or comparable.
- Experience deploying and configuring Endpoint Detection and Response (EDR) technology such as Carbon Black, CrowdStrike, FireEye, Cybereason, or comparable.
- Familiarity with endpoint telemetry technology such as Sysmon, OSSEC, and osquery.
- Familiarity with cyber security operations within cloud environments such as Microsoft Azure or Amazon AWS.
- Skill in cyber security research, planning, and implementation of technology and techniques to protect Company networks and data.
- Familiarity with PowerShell and Python scripting languages to assist in automating routine tasks and enrichment of threat intelligence data.
- Basic knowledge of electrical industrial control systems (ICS) and related ICS/SCADA communication protocols is desired.
Preferred Certifications:
CompTIA (Security+, CySA+); EC-Council (CND, CEH, ECSA); SANS/GIAC (GSEC, GCIH, GPPA, GISF, GISP); Cisco (CCNA Cyber Ops).
1) Executes security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, and web-based systems.
2) Handles escalated alerts and/or successful compromises to support incident response investigations.
3) Assists in remediating cyber security incidents as assigned.
4) Identifies and corrects detected information system vulnerabilities.
5) Participates in cyber security incident response trainings and exercises.
6) Provides information to management regarding the negative impact on the business caused by data theft, destruction, alteration or denial of service to information and systems.
7) Assists leaders in processing and…