Cyber Threat Analyst I

APS (Arizona Public Service)
United States, Arizona, Phoenix
Feb 18, 2026
Arizona Public Service generates reliable, affordable and clean energy for 2.7 million Arizonans. Our service territory stretches across the state, from the border town of Douglas to the vistas of the Grand Canyon, from the solar fields of Gila Bend to the ponderosa pines of Payson. As the state's largest and longest-serving energy provider, our more than 6,000 dedicated employees power our vision of creating a sustainable energy future for Arizona. Since our founding in 1886, APS has demonstrated a strong commitment to our customers in one of the country's fastest growing states, earning a reputation for customer satisfaction, shareholder value, operational excellence and business integrity. Our present and future success depends on the creative and dedicated people of our company who demonstrate the principles outlined in the APS Promise: Design for Tomorrow, Empower Each Other and Succeed Together. Summary We are looking for a Cyber Threat Analyst I. This role is responsible for protecting the confidentiality, availability, and integrity of company data and ensuring the reliability of the Bulk Electric System by detecting, responding to, and containing cyber security threats. The Cyber Threat Analyst I helps safeguard the technology that keeps energy flowing to Arizona communities. What your day would be like Monitor security activity, follow established procedures, and respond to potential cyber threats. Escalate alerts to senior analysts to support coordinated incident response. Maintain runbooks, documentation, and procedures to keep information accurate and current. Review system logs and threat intelligence to identify indicators of compromise. Report vulnerabilities and contribute suggestions for improving protections. Participate in training, exercises, and lab research to strengthen tools and processes. Support data collection for reporting, metrics, and compliance activities. Who we're looking for Foundational knowledge of cyber security principles and system monitoring. Strong analytical thinking, curiosity, and problemsolving skills. Clear communication and a collaborative approach to working with partners. A growth mindset and commitment to continual learning. Alignment with the APS Promise-designing for tomorrow, empowering others, and succeeding together. Minimum Requirements Bachelors degree in Information Technology or related field and one (1) year of prior relevant experience or equivalent combination of education and directly related experience. Preferred Special Skills, Knowledge or Qualifications: General knowledge of enterprise networks, security architectures, and defensive strategies including security log configuration and monitoring; analysis of TCP/UDP traffic such as Netflow, DNS, and packet captures (PCAP); firewall, IDS, and proxy technologies; anti-malware prevention; analysis of current threats, vulnerabilities, and attack trends. Working knowledge of Windows and Linux system administration, database technologies, network security, and digital forensic & incident response (DFIR) investigation techniques and tools. Familiarity with Endpoint Detection and Response (EDR) technology such as Carbon Black, CrowdStrike, FireEye, CyberReason, or comparable. Familiarity with Security Information Event Management (SIEM) technology such as Splunk, Kibana, McAfee Nitro, IBM QRadar, LogRhythm, or comparable. Familiarity with endpoint telemetry technology such as Sysmon, OSSec, and OSQuery is desired. Familiarity with cloud environments such as Microsoft Azure or Amazon AWS. Familiarity with PowerShell and Python scripting languages to assist in automating routine tasks and enrichment of threat intelligence data. Preferred certifications: COMPTIA (Security+, CySA+); EC-COUNCIL (CND, CEH, ECSA); SANS/GIAC (GSEC, GCIH, GPPA, GISF, GISP); CISCO (CCNA CyberOps). Major Accountabilities 1) Executes procedures for security monitoring, protections, and countermeasures to detect and respond to internal or external cyber attacks 2) Escalates alerts and/or successful compromises to more senior threat analysts to support incident response. 3) Maintains incident response run-books, department wiki pages, and procedures to evergreen state. 4) Reviews Security Event and Information Management (SIEM) logs for indicators of compromise received from threat intelligence sources. 5) Reports detected system vulnerabilities and may recommend improvements. 6) Participates in cyber security incident response trainings and exercises. 7) Performs lab research to improve and expand upon existing or emerging tools. 8) Assists in performing duties to support successful metrics reporting and compliance audits Export Compliance / EEO Statement This position may require access to and/or use of information subject to control under the Department of Energy's Part 810 Regulations (10 CFR Part 810), the Export Administration Regulations (EAR) (15 CFR Parts 730 through 774), or the International Traffic in Arms Regulations (ITAR) (22 CFR Chapter I, Subchapter M Part 120) (collectively, 'U.S. Export Control Laws'). Therefore, some positions may require applicants to be a U.S. person, which is defined as a U.S. Citizen, a U.S. Lawful Permanent Resident (i.e. 'Green Card Holder'), a Political Asylee, or a Refugee under the U.S. Export Control Laws. All applicants will be required to confirm their U.S. person or non-US person status. All information collected in this regard will only be used to ensure compliance with U.S. Export Control Laws, and will be used in full compliance with all applicable laws prohibiting discrimination on the basis of national origin and other factors. For positions at Palo Verde Nuclear Generating Stations (PVNGS) all openings will require applicants to be a U.S. person. Pinnacle West Capital Corporation and its subsidiaries and affiliates ('Pinnacle West') maintain a continuing policy of nondiscrimination in employment. It is our policy to provide equal opportunity in all phases of the employment process and in compliance with applicable federal, state, and local laws and regulations. This policy of nondiscrimination shall include, but not be limited to, recruiting, hiring, promoting, compensating, reassigning, demoting, transferring, laying off, recalling, terminating employment, and training for all positions without regard to race, color, religion, disability, age, national origin, gender, gender identity, sexual orientation, marital status, protected veteran status, or any other classification or characteristic protected by law. For more information on applicable equal employment regulations, please refer to EEO is the Law poster. Federal law requires all employers to verify the identity and employment eligibility of every person hired to work in the United States, refer to E-Verify poster. View the employee rights and responsibilities under the Family and Medical Leave Act (FMLA). Arizona Public Service is a smoke free workplace. CIP Requirement: This position requires Critical Infrastructure Protection (CIP) access consistent with North American Electric Reliability Corporation (NERC) standards. The applicant considered for this role will be required to obtain and maintain CIP access for the duration of employment in this position. A full seven (7) year criminal history will be obtained through the pre-employment background check process (or, for current employees, through supplemental background check process) to fulfill the CIP access requirements. In addition, this position requires an additional background check every seven years to maintain access. Home based: Home based employees primarily work from their home offices and come into an APS facility on an as-needed basis. Employees are expected to reside in Arizona (or New Mexico for Four Corners-based employees). Working from a home office requires adequate technology and an appropriate ergonomic set up. Role types are subject to change based on business need.