Cybersecurity Engineer

About The Position

Requirements

• Education: Bachelor's Degree
• Experience: Three (3) years of relevant experience
• A valid and unrestricted driver’s license with two (2) years of licensed driving is required.

Nice To Haves

• Degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• GIAC certifications, such as: GCIH – GIAC Certified Incident Handler GSEC – GIAC Security Essentials Certification GSTRT – GIAC Security Threat Intelligence
• (ISC)² certifications, such as: CISSP – Certified Information Systems Security Professional SSCP – Systems Security Certified Practitioner
• CompTIA certifications, such as: Security+ CySA+ – Cybersecurity Analyst
• Equivalent certifications from other recognized industry organizations
• Experience in Endpoint detection and response (EDR) platforms such as CrowdStrike Falcon, Carbon Black, and Microsoft Defender XDR, including investigation and response workflows.
• SIEM administration and detection engineering using tools such as Splunk and Falcon LogScale, including use of regex, dashboard development, and alert tuning.
• Security automation and scripting, including PowerShell, Python, Bash, and regex, for threat detection, remediation workflows, and data parsing.
• Network and forensic analysis tools, such as Wireshark, NetScout, and capabilities in network, memory, and endpoint forensics.
• Cloud administration and security across platforms such as Google Cloud Platform (GCP), Google Workspace, and Azure, including IAM integration and security control implementation.
• Firewall administration (e.g., Palo Alto), Cisco CLI, and virtualization technologies.
• Various operating systems including Windows Server 2016/2019, Windows 7–11, macOS, and Linux distributions using CIS benchmarks and secure baselines.
• Email and threat protection systems such as Proofpoint TAP/TRAP and cloud-native defense
• Collaboration, problem-solving, and continuous learning mindset with ability to work across teams and adapt to evolving threats.
• Any combination of relevant education and experience may be substituted on a year-for-year basis.

Responsibilities

• Implements cybersecurity solutions that protect enterprise Information Technology (IT) and Operational Technology (OT) environments, including Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS).
• Implements and maintains tools such as Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), vulnerability management platforms, email security, and cloud-native solutions.
• Collaborates with cross-functional teams to embed security into technology projects and deployments.
• Supports cloud migrations by reviewing architecture and offering secure configuration guidance.
• Develops threat detection capabilities by creating custom correlation rules, dashboards, and alerts.
• Optimizes incident response by identifying patterns and gaps.
• Automates security workflows to streamline operations and reduce response times.
• Conducts technical investigations using log correlation, forensic analysis, and root cause identification.
• Responds to cybersecurity incidents in real time.
• Coordinates remediation efforts with IT and operations teams to restore services and prevent recurrence.
• Monitors systems continuously using security tools and telemetry data.
• Identifies misconfigurations, vulnerabilities, and signs of malicious activity.
• Prioritizes risks based on severity and impact.
• Recommends remediation actions using current threat intelligence.
• Provides education and technical advice for securing systems and field devices, including servers, workstations, mobile devices, and OT assets.
• Aligns system settings with Center for Internet Security (CIS) Benchmarks, National Institute of Standards and Technology (NIST) guidelines, and City policy.
• Implements technical controls based on Zero Trust architecture and the NIST Cybersecurity Framework (CSF).
• Maintains secure access, data protection, segmentation, and endpoint visibility to enhance resilience and meet regulatory requirements.
• Develops security documentation such as configuration guides, standard procedures, and internal knowledge base articles.
• Maintains documentation to support consistent operations, training, and audit readiness.
• Performs all other duties and tasks as assigned.
• All duties and responsibilities listed are subject to change.

Benefits

• The City of Tucson offers a generous benefits package for benefit-eligible positions. The comprehensive, flexible, and affordable coverage is designed to optimize health and well-being, security and future, and peace of mind.
• Benefits begin with medical, dental, vision, life, disability, and FSA coverage, surpassing your standard 401(k) program by offering a rich pension plan plus optional Roth and pretax deferred compensation savings.
• With your well-being in mind, our paid time off program provides new hires with 38 paid days off in the first year of employment, with time off increasing steadily in subsequent years.
• We offer twelve weeks of paid parental leave, paid tuition reimbursement, student loan repayment, off- and on-the-job training, and opportunities to forge connections with peers and the community through employee resource groups and paid volunteer hours.
• You can learn more about our benefits at https://www.tucsonaz.gov/Departments/Human-Resources/Employee-Benefit-Snapshot.