Remote Vulnerability Analyst Jobs in Arizona (NOW HIRING)

ABOUT THIS POSITION
The City of Phoenix, Information Technology Services Department (ITS) provides enterprise-wide IT and supports departments' business solutions. Our business is in the City of Phoenix, which means the work our IT professionals do helps to improve lives of residents, businesses, and visitors to Phoenix!
The ITS department is seeking Vulnerability Analysts level II (ITSS) to join the Vulnerability Management Team within the Information Security Operations and Intelligence Division. Vulnerability Analysts level II (ITSS) serve as a proactive defense strategists safeguarding the City's digital infrastructure
The Vulnerability Analyst role is responsible for identifying, analyzing, and helping to remediate vulnerabilities in the organization's systems, networks, and applications. This role involves proactive scanning, threat assessments, risk prioritization, and collaboration with IT and development teams to ensure a strong security posture.
Key duties and responsibilities include, but are not limited to:

• Perform regular vulnerability assessments using tools such as Tenable Nessus, Qualys, Rapid7, or similar.
• Analyze scan results, validate findings, and determine risk levels.
• Track and report vulnerabilities, recommending remediation steps based on risk severity.
• Collaborate with IT, DevOps, and system owners to remediate vulnerabilities.
• Maintain and update vulnerability scanning tools and systems.
• Monitor threat intelligence feeds to stay ahead of emerging vulnerabilities and exploits.
• Develop metrics and dashboards to communicate vulnerability trends and compliance status.
• Ensure all vulnerability management processes align with compliance requirements (e.g., ISO 27001, NIST, PCI-DSS).
• Document processes, findings, and remediation efforts in a clear and auditable manner.
• Participate in incident response activities if a vulnerability is exploited.

Please note: This is a remote position which is eligible to telework up to five days a week, at department discretion and requires the ability to attend meetings and trainings in-person at a designated City work location when required, based on operational needs. This position requires participation in cyber emergency incidents.
This position will be funded through June 2027 with a possibility to be made regular in a future budget cycle. The temporary position will have benefits but will not earn city retirement credits or participate financially into the city's retirement program. If the successful candidate is a current City employee, all benefits will still be applicable, and the employee will still contribute to their pension. Temporary positions are not covered under civil service rules, and thus employment is considered "at-will", and employees may be separated at any time.
IDEAL CANDIDATE

• Detail-oriented with a strong sense of accountability.
• Comfortable working in a fast-paced, high-security environment.
• Excellent written and verbal communication and presentation skills.
• Knowledge of:
  • Cloud environments (AWS, Azure, GCP) and related vulnerabilities.
  • Threat intelligence concepts and emerging vulnerability trends.
• Ability to:
  • Communicate tactfully, verbally and in writing, with department heads, managers, coworkers and vendors to resolve problems, and negotiate resolutions.
  • Work independently and as part of a team.

SALARY
Pay Range: $84,468.80 to $118,872.00 annually.
Hiring Range: $84,468.80 to $107,806.40 annually.
Pay Range Explanation:

• Pay range is the entire compensation range for the position classification.
• Hiring range is an estimate of where you can receive an offer. The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience, education, licenses, training, and internal equity.

Internal Only: Please understand that this is pay grade 063. If selected, your salary offer will be based on the applicable promotion or demotion worksheet in accordance with the City Pay Ordinance.

• Promotions occur when the last two digits of the pay grade increase.
• Demotions occur when the last two digits of the pay grade decrease.
• Lateral transfers occur when there is no change to the last two digits of the pay grade.
• When there is a change in the first digit of the pay grade, there may also be a change to your classification or unit.

Your job classification can be found in eCHRIS > Personal Details under your name, located in the top left section of the page.
The pay grade and classification/unit of your current position may be found by looking up your job title on the job description page .
BENEFITS
A comprehensive benefits package is offered which includes:

• Traditional pension with employer and employee contributions, click here for more details: Pension Information
• 401(a) and 457 plans with employer contributions
• Choice of generous medical HMO, PPO, or HSA/HDHP plans
• Medical enrollment includes a monthly $150 City contribution to a Post-Employment Health Plan
• Wellness incentive of up to $720 annually
• Dental, vision, and life insurance options
• Employer paid long-term disability
• Free Bus/light rail pass
• Tuition reimbursement program up to $6,500 per year
• Paid time off includes 13.5 paid holidays, 12 vacation days, and 15 sick days and personal leave days
• Paid Parental Leave for eligible employees up to 480 hours (12 weeks) of paid leave for the birth, adoption, or foster care placement of a child during a 12-month period
• Federal Student Loan Forgiveness offered through Savi

For more details, visit: Unit 007 Benefits
MINIMUM QUALIFICATIONS

• Three years of responsible experience in cybersecurity, information technology security, or vulnerability management.
• Other combinations of experience and education that meet the minimum requirements may be substituted.
• This position is subject to Criminal Justice Information Systems (CJIS) background standards. Candidates who receive a conditional offer of employment must be fingerprinted and will have their fingerprints used to check the Criminal History Records of the State of Arizona Department of Public Safety and the Federal Bureau of Investigation. Any records returned will be reviewed to determine the candidate's suitability for the job.
• All finalists for positions are subject to a criminal background check applicable to the department or position.
• Some positions require the use of personal or City vehicles on City business. Individuals must be physically capable of operating the vehicles safely, possess a valid driver's license and have an acceptable driving record. Use of a personal vehicle for City business will be prohibited if the employee is not authorized to drive a City vehicle or if the employee does not have personal insurance coverage.
• For information regarding pre-screening and driving positions, click here .
• The City job description can be found here .

PREFERRED QUALIFICATIONS
The minimum qualifications listed above, plus:

• Two years of experience performing vulnerability assessments and using tools such as Tenable Nessus, Qualys, or Rapid7.
• Experience with/in:
  • Analyzing risk, validate findings, and document remediation efforts clearly.
  • Cloud environments (AWS, Azure, GCP) and related vulnerabilities.
  • Common vulnerabilities (OWASP Top 10, CVEs) and related remediation techniques.
  • Security frameworks such as NIST, and CIS Controls.
• Professional certifications supporting cybersecurity or vulnerability management, such as CompTIA Security+, CTIA, GCTI, CISSP, CEH, Cisco CyberOps Associate, or OSCP.

RECRUITMENT DATES
Recruitment closes June 11, 2026. All materials must be received by 11:59 p.m. on this date.
This is a position-based recruitment and will not result in any ongoing eligibility list. This recruitment and any selection processes resulting from this recruitment may be used to fill other related vacancies within the organization now or in the near future.
HOW TO APPLY
Apply online by completing the required information and attaching, as one document, your cover letter and resume. Please include your experience as it relates to the qualifications stated above. Only the highest qualified may be posted to the eligible to hire list. The results of the resume screening process will be sent to your primary email address.
During the online application process, you will provide responses to questions regarding your experience and qualifications (the system allows copy/pasting into the answer fields). Information you provide in these questions should align to the information in your resume. Information not consistent with your resume may not be considered when determining your education and/or experience level.
Question: Describe your experience pertaining to cybersecurity and risk assessments. Include your years of experience.
WE ARE HERE TO HELP

• Job interviews may be held by video or audio conference.
• If you are in need of computer resources, click here for free options.
• Arizona at Work has frequent classes to help with resume writing, interviewing skills, and general career guidance. Click here for more information.
• Explore other Employment Opportunities with the City of Phoenix .
• Subscribe to receive e-mail notifications about new employment opportunities.
• If you require assistance at any stage of the application process due to an accessibility issue, please contact the Human Resources Department by phone at (602) 495-5700 or by text at (800) 367-8939 . You may also fill out and submit a Reasonable Accommodation Request Form .

REFERENCE
Information Tech Systems Spec, JC:09560, ID# 61857 , 06/07/26, USM, VM, Benefits:007
Building the Phoenix of tomorrow.
#DoWorkThatMakesPhoenixWork
City of Phoenix is an equal opportunity employer. AmeriCorps, Peace Corps, and other national service alumni who meet the required qualifications are encouraged to apply.