Cybersecurity Security Administrator

Tucson Talent

Tucson, AZ • On-site

Other



Job description

Cyber Security Administrator

The Cyber Security Administrator position at the City of Tucson's Information Technology Department is responsible for designing, implementing, and optimizing cybersecurity solutions to protect the City's infrastructure, including cyber-physical systems and operational environments. This role supports strategic initiatives by deploying and tuning security tools and by developing automation that enhances detection and response.

Work is performed under the supervision of the Information Technology Manager. This position does not supervise.

Duties and Responsibilities

  • Designs cybersecurity solutions that protect enterprise Information Technology (IT) and Operational Technology (OT) environments, including Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS). Implements and maintains tools such as Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), vulnerability management platforms, email security, and cloud-native solutions. Collaborates with cross-functional teams to embed security into technology projects and deployments. Supports cloud migrations by reviewing architecture and offering secure configuration guidance.
  • Develops threat detection capabilities by creating custom correlation rules, dashboards, and alerts. Optimizes incident response by identifying patterns and gaps. Automates security workflows to streamline operations and reduce response times.
  • Conducts technical investigations using log correlation, forensic analysis, and root cause identification. Responds to cybersecurity incidents in real time. Coordinates remediation efforts with IT and operations teams to restore services and prevent recurrence.
  • Monitors systems continuously using security tools and telemetry data. Identifies misconfigurations, vulnerabilities, and signs of malicious activity. Prioritizes risks based on severity and impact. Recommends remediation actions using current threat intelligence.
  • Provides education and technical advice for securing systems and field devices, including servers, workstations, mobile devices, and OT assets. Aligns system settings with Center for Internet Security (CIS) Benchmarks, National Institute of Standards and Technology (NIST) guidelines, and City policy.
  • Implements technical controls based on Zero Trust architecture and the NIST Cybersecurity Framework (CSF). Maintains secure access, data protection, segmentation, and endpoint visibility to enhance resilience and meet regulatory requirements.
  • Develops security documentation such as configuration guides, standard procedures, and internal knowledge base articles. Maintains documentation to support consistent operations, training, and audit readiness.
  • Performs all other duties and tasks as assigned.

Working Conditions

Mostly office environment. Participates in on-call rotations and performs off-hours work as necessary.

All duties and responsibilities listed are subject to change.

Minimum Qualifications

Education: Bachelor's Degree

Experience: three (3) years of relevant experience

Any combination of relevant education and experience may be substituted on a year-for-year basis.

A valid and unrestricted driver's license with two (2) years of licensed driving is required.

Preferred Qualifications

Degree in Cybersecurity, Information Technology, Computer Science, or a related field.

GIAC certifications, such as:

GCIH – GIAC Certified Incident Handler

GSEC – GIAC Security Essentials Certification

GSTRT – GIAC Security Threat Intelligence

(ISC)² certifications, such as:

CISSP – Certified Information Systems Security Professional

SSCP – Systems Security Certified Practitioner

CompTIA certifications, such as:

Security+

CySA+ – Cybersecurity Analyst

Equivalent certifications from other recognized industry organizations

Experience in:

Endpoint detection and response (EDR) platforms such as CrowdStrike Falcon, Carbon Black, and Microsoft Defender XDR, including investigation and response workflows.

SIEM administration and detection engineering using tools such as Splunk and Falcon LogScale, including use of regex, dashboard development, and alert tuning.

Security automation and scripting, including PowerShell, Python, Bash, and regex, for threat detection, remediation workflows, and data parsing.

Network and forensic analysis tools such as Wireshark and NetScout, and network, memory, and endpoint forensics.

Cloud administration and security across platforms such as Google Cloud Platform (GCP), Google Workspace, and Azure, including IAM integration and security control implementation.

Firewall administration (e.g., Palo Alto), Cisco CLI, and virtualization technologies.

Various operating systems including Windows Server 2016/2019, Windows 7–11, macOS, and Linux distributions using CIS benchmarks and secure baselines.

Email and threat protection systems such as Proofpoint TAP/TRAP and cloud-native defense.

Collaboration, problem-solving, and continuous learning mindset with ability to work across teams and adapt to evolving threats.



Frequently asked questions

Q: What skills or qualities help someone succeed as a Cyber Security Administrator?

A: To succeed as a Cyber Security Administrator, key technical skills include proficiency in security frameworks and regulations (e.g., NIST CSF, HIPAA), network security (e.g., firewalls, VPNs), and threat analysis tools (e.g., SIEM, IDS/IPS). Soft skills such as strong communication, problem-solving, and analytical abilities are also crucial, as they enable effective collaboration with stakeholders and timely incident response. Together, these technical and soft skills enable Cyber Security Administrators to protect networks, systems, and data effectively.

Q: What is the career path for a Cyber Security Administrator?

A: A Cyber Security Administrator's typical career progression involves starting as a Security Analyst or Junior Cyber Security Specialist, where they develop foundational skills in threat detection, incident response, and security protocols. As they gain experience, they can move into mid-level roles such as Security Engineer or Cyber Security Consultant, where they design and implement security solutions, conduct risk assessments, and provide expert advice to organizations. Senior roles like Chief Information Security Officer (CISO) or Director of Cyber Security offer leadership positions, where they oversee security strategies, manage teams, and drive organizational security initiatives.