
Cyber Threat Analyst

Job in Phoenix, Maricopa County, Arizona, 85003, USA
Listing for: Arizona Public Service Company
Full Time position
Listed on 2026-02-21
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below
Position: Cyber Threat Analyst I

Arizona Public Service generates reliable, affordable and clean energy for 2.7 million Arizonans. Our service territory stretches across the state, from the border town of Douglas to the vistas of the Grand Canyon, from the solar fields of Gila Bend to the ponderosa pines of Payson. As the state’s largest and longest-serving energy provider, our more than 6,000 dedicated employees power our vision of creating a sustainable energy future for Arizona.

Since our founding in 1886, APS has demonstrated a strong commitment to our customers in one of the country’s fastest growing states, earning a reputation for customer satisfaction, shareholder value, operational excellence and business integrity.

Our present and future success depends on the creative and dedicated people of our company who demonstrate the principles outlined in the APS Promise:
Design for Tomorrow, Empower Each Other and Succeed Together.

Summary

We are looking for a Cyber Threat Analyst I. This role is responsible for protecting the confidentiality, availability, and integrity of company data and ensuring the reliability of the Bulk Electric System by detecting, responding to, and containing cyber security threats. The Cyber Threat Analyst I helps safeguard the technology that keeps energy flowing to Arizona communities.

What your day would be like
  • Monitor security activity, follow established procedures, and respond to potential cyber threats.
  • Escalate alerts to senior analysts to support coordinated incident response.
  • Maintain run‑books, documentation, and procedures to keep information accurate and current.
  • Review system logs and threat intelligence to identify indicators of compromise.
  • Report vulnerabilities and contribute suggestions for improving protections.
  • Participate in training, exercises, and lab research to strengthen tools and processes.
  • Support data collection for reporting, metrics, and compliance activities.
Who we’re looking for
  • Foundational knowledge of cyber security principles and system monitoring.
  • Strong analytical thinking, curiosity, and problem‑solving skills.
  • Clear communication and a collaborative approach to working with partners.
  • A growth mindset and commitment to continual learning.
  • Alignment with the APS Promise—designing for tomorrow, empowering others, and succeeding together.
  • Bachelor's degree in Information Technology or related field and one (1) year of prior relevant experience or equivalent combination of education and directly related experience.
Preferred Special Skills, Knowledge or Qualifications
  • General knowledge of enterprise networks, security architectures, and defensive strategies including security log configuration and monitoring; analysis of TCP/UDP traffic such as Netflow, DNS, and packet captures (PCAP); firewall, IDS, and proxy technologies; anti-malware prevention; analysis of current threats, vulnerabilities, and attack trends.
  • Working knowledge of Windows and Linux system administration, database technologies, network security, and digital forensic & incident response (DFIR) investigation techniques and tools.
  • Familiarity with Endpoint Detection and Response (EDR) technology such as Carbon Black, CrowdStrike, FireEye, Cybereason, or comparable.
  • Familiarity with Security Information and Event Management (SIEM) technology such as Splunk, Kibana, McAfee Nitro, IBM QRadar, LogRhythm, or comparable.
  • Familiarity with endpoint telemetry technology such as Sysmon, OSSEC, and osquery is desired.
  • Familiarity with cloud environments such as Microsoft Azure or Amazon AWS.
  • Familiarity with PowerShell and Python scripting languages to assist in automating routine tasks and enrichment of threat intelligence data.
Preferred certifications

COMPTIA (Security+, CySA+); EC-COUNCIL (CND, CEH, ECSA); SANS/GIAC (GSEC, GCIH, GPPA, GISF, GISP); CISCO (CCNA Cyber Ops).

Major Accountabilities
  • Executes procedures for security monitoring, protections, and countermeasures to detect and respond to internal or external cyber attacks.
  • Escalates alerts and/or successful compromises to more senior threat analysts to support incident response.
  • Maintains incident response run-books, department wiki pages, and procedures to evergreen…