SECURITY ADMINISTRATOR - Information Technology Department

Recruitment #2303-0771-001


The Information Technology Department is seeking an experienced Security Administrator 

with proven success in the realm of Cyber and Information Systems Security to join our Cyber Security Team. 

The Information Technology Department is in the midst of transformational change and is working to reinforce the cyber security posture of the City by bringing on additional talent. The ideal candidate will have strong technical, analytical, and communication skills and a high degree of initiative.  The diversity of business functions within the City makes for a dynamic work environment that is both challenging and rewarding.  Security Administrators will interact regularly with co-workers in other Divisions of the IT Department, customer departments, external agencies, contractors, and citizens in conveying technical information. Therefore, a person in this position must be able to communicate courteously and effectively with both technical and non-technical individuals.

General Description

The City of Tucson Information Technology Department (ITD) is looking for an experienced Security Administrator to join our team.  This position will help protect and defend against cybersecurity threats through the implementation, administration and enhancement of the City’s information security program and systems.  The diversity of business functions makes for a dynamic work environment that is both challenging and rewarding.  The Security Administrator’s role will include:

  • Recommending security architecture enhancements,
  • Identifying host and network-based vulnerabilities,
  • Creating department and city-wide security policies and procedures,
  • Conducting intrusion and security event investigations,
  • Remediating security incidents,
  • Educating users on best security practices,
  • Reviewing and recommending compliance requirements, and
  • Conducting security audits on critical infrastructure to ensure technology risks are identified and managed according to organizational and industry risk policies and guidelines.

The Security Administrator will work as a member of the ITD Security Team and interact closely with a variety of external agencies, City of Tucson departments, and other ITD teams in conveying technical information. Therefore, a person in this position must be able to communicate courteously and effectively with both technical and non-technical individuals.

**The Information Technology Department is a 24/7 operation. The incumbent will be required to serve in an on-call status to respond to requests and emergencies occurring after normal business hours. **

Primary Responsibilities

  • Administer security systems and appliances to defend against unauthorized access, modification and/or destruction of City data, hardware, or infrastructure.
  • Monitor, investigate, and remediate security alerts, notifications, and alarms.
  • Conduct and report on the findings of security and compliance audits.
  • Contribute to information system, networks, and application hardening configurations in accordance with best cybersecurity practices and standards.
  • Run vulnerability scans on network endpoints, analyze and interpret the results, communicate the vulnerability findings with the appropriate departments or ITD teams, and provide remediation steps for the vulnerabilities or policy violations.
  • Monitor network traffic for anomalies against normal baseline behavior, review and interpret network, user, and system logs, complete comprehensive investigations, conduct and oversee the remediation of computer security incidents.
  • Coordinate and manage the implementation, configuration, and upgrade of security systems, appliances, and software with vendors and ITD teams, as needed.
  • Provide cybersecurity governance and oversight for the City of Tucson and its partner agency’s project supply chain and vendor access management.
  • Administer the cybersecurity awareness and phishing training campaigns for the City of Tucson.

Distinguishing Characteristics

The Security Administrator’s work is widely varied, involving analyzing and evaluating many complex and unique systems. This position will participate in the development, implementation, maintenance and/or recommendation of ITD and city-wide security policies and procedures.

The Security Administrator must always remain calm and professional during stressful situations and must be able to analyze, organize and prioritize tasks and request all while meeting multiple deadlines

Essential Functions

  • Monitor the City of Tucson’s infrastructure to detect, respond to, and remediate security alerts and incidents.
  • Receive alerts and updates from agencies and respond with the appropriate action.
  • Assess the City of Tucson’s infrastructure for known and potential vulnerabilities using commercial vulnerability scanners and risk intelligence platforms.
  • Provide security recommendations based on regulatory compliance for projects regarding life-cycle upgrades, new system or application implementations, or other proposed department improvements.
  • Meet with the ITD security team and other appropriate staff to share security information and communicate remediation plans based on the impact to the affected ITD assets or information system. 


  • Strong understanding of physical and virtual IT infrastructure, including servers, network devices, desktops, applications, and mobile devices.
  • Good understanding of various network and endpoint security technologies. 
  • Skilled with using Mac, Windows, and Linux operating systems. 
  • Skilled administering security applications, appliances, and systems.
  • Understand how to audit a Windows AD Domain and Microsoft O365 environments.
  • Knowledgeable of the different classes of cyberattacks.
  • Familiar with penetration principals, tactics, tools, techniques, and attack stages that threat actors use.
  • Knowledgeable in different network topologies, protocols, and components to apply the principles of a defense-in-depth approach to security and recommend secure network architecture design. 
  • Understand how to interpret CVE data for system and application security vulnerabilities. 
  • Capable of performing network packet-level analysis and damage assessment.
  • Knowledgeable in the use of social engineering techniques to train users how to identify and avoid them.

Minimum Qualifications

EDUCATION LEVEL & TYPE: Bachelor’s degree from an accredited college or university with major course work in computer information systems, business administration, public administration or a degree related to the core functions of this position

EXPERIENCE: Five (5) to Seven (7) years of professional-level experience in computer network and IT systems security associated with a large organization. One year of experience administering security-specific hardware required.

Preferred Qualifications

Bachelor’s degree from an accredited college or university in Computer Information Systems (CIS), Cybersecurity, Information Technology (IT), Management Information Systems (MIS), or a degree closely related to the core functions of this position.

Certification in one or more of the following: Certified Ethical Hacker (CEH), CISA, CISM, CISSP, GIAC, Security Essentials Certification (GSEC), Security+

Experience in the following Cybersecurity Domains:
  • Security Operations - Investigations and Response, Vulnerability Management, Threat Hunting and Sterilization.
  • Security Architecture - Network Design, DDoS Protection, Access Control, Data Protection, Cryptography and Encryption Standards, Cloud Security, Endpoint Security, and Patch Management.
  • Threat Intelligence - Provide Internal and External Context on Indicators of Compromise (IOC), Emerging and Persistent Threats, and Threat Actor’s Tactics Techniques and Procedures (TTPs).
  • Governance - 1). Policies and Procedures, Laws and Regulations, Frameworks, Standards, and Compliance Enforcement.  2). Payment Card Industry (PCI), Criminal Justice Information Services (CJIS), Health Information Portability and Accountability Act (HIPAA), International Organization for Standards (ISO), Federal Information Security Modernization Act (FISMA), Open Web Application Security Project (OWASP), Center for Internet Security (CIS), National Institute for Standards and Technology (NIST).
  • Enterprise Risk Management - Risk Appetite and Acceptance, Crisis Management, Audits, and Risk Registers
  • Risk Assessments - Vulnerability Scans, Asset Inventory and Classification, Penetration and Vulnerability Testing, Social Engineering, and Risk Monitoring
  • Application Security - Software Development Life Cycle, Security UX, API Security, Source Code and Open-Source Scans

Selection Plan

Applicants who meet the minimum qualifications will be evaluated on the education and work experience in their employment profile and the responses to their supplemental questions. The highest scoring applicants will then be invited to participate in an oral board interview. 

  • Virtual Oral Board interviews will be held April 5, 2023 
Upon completion of all examination processes, the highest scoring applicants will be placed on the Civil Service Employment List.

An applicant's ranking on the Civil Service list will be based on their final score which will be calculated as:
  •  20% of your rating for education and work experience 
  •  80% of your rating for panel board interview      

  • This recruitment will establish a civil service list that will be utilized to fill vacancies occurring within the next 6 months.

    Veterans, Native American, or Disability preference points will be added to the final score for those that are placed on the Civil Service Employment List.  If you qualify for preference points as outlined in the Employment Profile, you must present your documentation prior to your oral board interview. The DD 214 must be a copy that indicates characterization of service.  

    If you are in need of Americans with Disabilities Act-related accommodation during the testing process, please email at least 48 hours prior to the evaluation.


    You are highly encouraged to print this bulletin because it contains important testing dates and information that you will need to refer to later, as it will not be available after the closing date.

    Communication throughout this process will be sent via email exclusively so please ensure your browser accepts emails from and check your email account regularly.  Failure to respond or follow instructions will result in disqualification.  All email inquiries should be directed to

    Driving Requirements

    License Type: Valid and Unrestricted Class D – Driver