About the Department

Senior Cybersecurity Analyst
(Senior Information Technologist)
This recruitment will establish an open eligible list that will be used to fill current and future Senior Information Technologist positions. The eligible list established may also be used to fill positions in similar and/or lower classifications throughout the County of Orange.
This recruitment will be open for a minimum of five (5) business days and will close on Sunday, July 26, 2026 at 11:59pm (PST).
ORANGE COUNTY INFORMATION TECHNOLOGY
The mission of Orange County Information Technology (OCIT) is to provide innovative, reliable, and secure technology solutions that support County departments in the delivery of quality public services. OCIT provides IT solutions across County departments for voice communications, network services, application support, service desk, desktop support, as well as data center services.
Click here for more information on OCIT.
Click here for more information on the County of Orange.
THE OPPORTUNITY
The Orange County Information Technology (OCIT)–Enterprise Cybersecurity Operations Team is seeking an experienced and dynamic supervisor who will oversee and assist a team of cybersecurity analysts in the continuous monitoring of the County's enterprise environmental assets, analyzing threats, mitigating vulnerabilities, detecting compromises, and conducting incident response. The Senior Cybersecurity Analyst will be responsible for the design, configuration, implementation, and ongoing support of County Enterprise tools. This position requires strong analytical and comprehension skills with written and communication experience.
Responsibilities and duties for this position include, but are not limited to, the following:
- Overseeing daily operations of the SOC
- Ensuring the service ability and integrity of SOC equipment and tools
- Supporting SOC efforts in digital forensics and eDiscovery
- Serving as the subject matter expert on system security tools, including but not limited to SIEM, SOAR, EDR, IAM, PAM, IPS/IDS, Web Proxy Firewall, DLP, Email Security, and WAF, and providing technical leadership on toolset enhancements
- Leading and performing threat hunting activities such as analysis of threat intelligence, detection and evaluation of IOCs, and escalation of incidents
- Evaluating vendor solutions, making recommendations, and leading projects for deployment and/or enhancement of security systems
- Participating in the incident response team and executing the County Incident Response Plan and cyber incident playbooks
- Reviewing cybersecurity requests against normal operational security processes and providing approval or escalation
In addition to the minimum qualifications, the ideal candidate will possess an Associate's or higher in Information Computer Sciences, Information Computer Technology, Information Systems, or a related field with at least three (3) years of security-related work experience in a cybersecurity, enterprise IT, or multidisciplinary IT environment.
A certification in one of the following is preferred but not required:
- CompTIA Security+
- CompTIA CySA+
- (ISC))² CISSP- Certified Information Systems Security Professional
- (ISC)² CISM - Certified Information Security Manager
- GCIL- GIAC Certified Incident Leader
- GEIR - GIAC Enterprise Incident Response
- GSOM- GIAC Security Operations Manager
- GSOC- GIAC Security Operations Certified
Technical Knowledge | Technical Expertise
- Understanding of the NIST 800-53 framework and application of its controls in operational security
- Understanding network protocols, routing and switching, LAN/WAN, remote access, and encryption protocols
- Understanding and applying network security concepts and troubleshooting enterprise firewalls, IDS/IPS, DNS Security, and WAF (Web Application Firewall)
- Foundational knowledge of Microsoft Office365, Azure Cloud, and related security concepts
- Utilizing security tools such as SIEM, SOAR, EDR, DLP, and Web Filter/Proxy
- Proficiency in scripting languages and PowerShell
- Installing, configuring, and supporting all varieties of Microsoft Windows Services and platforms
- Implementing enterprise security best practices including encryption, implicit and explicit permissions, multi-factor authentication, auditing and digital forensics, and data retention
- Serving as a department liaison for operational security matters, requests, and issues
- Working collaboratively and establishing rapport with staff, managers, and people across County departments
- Leading and training cybersecurity analysts on best practices
- Building and maintaining positive forward focused customer-oriented work environments
- Responding quickly, courteously, and proficiently to customer service requests
- Soliciting feedback and adjusting customer service requests to fit into business improvement
- Clearly conveying information technology concepts and terminology with both technical and non-technical staff at all levels within and outside the agency
- Preparing and maintaining technical documentation of department processes and procedures
Please click here for details on this classification, including the physical, mental, environmental and working conditions.
NOTE: Foreign degrees require an evaluation of U.S. equivalency by an agency that is a member of the National Association of Credential Evaluation Services (N.A.C.E.S.).
SPECIAL REQUIREMENT | BACKGROUND INVESTIGATION
Part of the selection process for positions within Orange County Information Technology (OCIT) requires that all candidates undergo an extensive background investigation process, to the satisfaction of the Department. Candidates must successfully clear prior to the start of their employment. All employment offers are contingent upon successful completion of a background investigation.
Application Screening (Refer/Non-Refer)
Applications and supplemental responses will be screened for qualifications that are highly desirable and most needed to successfully perform the duties of this job. Only those applicants that meet the qualifications as listed in the job bulletin will be referred to the next step.
Structured Oral Interview | SOI (Weighted 100%)
The Structured Oral Interview is a timed assessment. Applicants will provide answers to job-related questions, which will be rated by a panel of subject matter experts using standardized evaluation criteria. Only the most qualified candidates will move advance to the next step in the recruitment process or will be placed on the eligible list.
Eligible List
Once the assessment has been completed, HRS will establish an eligible list of candidates. Candidates placed on the eligible list may be referred to a selection interview to be considered for present and future vacancies.
Based on the County's needs, the selection procedure listed above may be modified. All candidates will be notified of any changes in the selection procedure.
Veterans Employment Preference
The County is committed to providing a mechanism to give preferential consideration in the employment process to veterans and their eligible spouses and will provide eligible participants the opportunity to receive interviews in the selection process for employment and paid internship openings. Please click here to review the policy.
Position Duties
REASONABLE ACCOMMODATION
The County of Orange is committed to providing reasonable accommodations to qualified individuals with disabilities. Individuals who require a reasonable accommodation during the application or selection process should notify the recruiter listed on the job posting as soon as possible. Documentation supporting the accommodation request may be required.
EMAIL NOTIFICATION
Email is the primary form of notification during the recruitment process. Please ensure your correct email address is included in our application and use only one email account.
FREQUENTLY ASKED QUESTIONS
Click here for additional Frequently Asked Questions.
For specific information pertaining to this recruitment, contact Joanna Xue at [email protected] or (714)-834-7338.
Minimum Qualifications

encourages applicants from diverse backgrounds to apply.
Benefits
Non-Management Benefits
In addition to the County's standard suite of benefits, such as a variety of health plan options, annual leave and paid holidays--we also offer an excellent array of benefits such as a Health Care Reimbursement Account, 457 Defined Contribution Plan and Annual Education and Professional Reimbursement. Employees are provided a Retirement Plan through the Orange County Employees Retirement System (OCERS).
Please go to the following link to find out more about Defined Benefit Pensions and OCERS Plan Types/Benefits.
http://www.ocers.org/active-member-information
Click here for information about benefits offered to County of Orange employees.
Supplemental Questions
-
01INSTRUCTIONS: The information you provide on this questionnaire will be evaluated and used to determine your level of expertise during the recruitment process. Be as specific as possible and include all information requested. If you do not have experience in an area, please answer "N/A". Statements such as "see application" or "see resume", will not be accepted in lieu of a response. All employers referenced on this questionnaire must be listed on your application. Do you understand these instructions?
- Yes
02I understand that as part of the selection process for positions within OCIT, I will be required to undergo an extensive background investigation including but not limited to contacting my current and/or previous employers, reference checks, criminal searches, verification of credentials, review of credit history. Any falsification of information or failure to meet the standards listed above will result in my disqualification.
- I acknowledge that I have read and understand the information listed above
03Please select the option that is most applicable to your experience as defined in the Senior Information Technologist minimum qualifications.
- Three (3) or more years as an Information Technologist II or its equivalent with the County of Orange
- Three (3) or more years of experience performing advanced level systems analysis and administration duties
- Two (2) years of experience performing advanced level systems analysis and administration duties AND possess college level education or training directly related to the competencies and attributes required of the position. Experience may be substituted for up to one year of the required experience at the rate of three semester units or the equivalent, equaling one month of experience and one hour of training equaling one hour of experience
- One (1) year of experience performing advanced level systems analysis and administration duties AND possess a Master's degree directly related to the competencies and attributes required of the position. Experience may be substituted for up to two years of the required experience at the rate of three semester units or the equivalent, equaling one month of experience and one hour of training equaling one hour of experience
- None of the above
04Based on your response to question #3, if you are substituting relevant education for the required experience as defined in the Senior Information Technologist minimum qualifications, you are acknowledging that you attached a copy of your unofficial transcripts to your application. Foreign degrees require an evaluation of U.S. equivalency by an agency that is a member of the National Association of Credential Services (N.A.C.E.S).
- Yes, I have attached a copy of my unofficial transcripts as I will substituting experience with relevant education and, if applicable, I have attached the N.A.C.E.S. equivalency evaluation for my degree
- Not applicable; I will not be substituting relevant education with experience
05Please select the certifications you possess.
- CompTIA Security+
- CySA+
- (ISC))² CISSP
- CISM
- GIAC
- GCIL
- GEIR
- GSOM
- GSOC
06If you selected "Other" in question #5 please specify the certification you possess.
07Please select from the following options which best describes your experience.
- Three (3) or more years of security-related work experience in a cybersecurity, enterprise IT, or multidisciplinary IT environment
- Less than three (3) years of security-related work experience in a cybersecurity, enterprise IT, or multidisciplinary IT environment
- No experience
08Based on your answer to question #7, please elaborate on security-related work experience in a cybersecurity, enterprise IT, or multidisciplinary IT environment. Please include in your response, your years of experience, the scope of your responsibilities, and the organization you obtained this experience from. If none, please type "N/A".
09Please describe your lead/supervisory experience related to this assignment. Please include in your response, your years of experience, the scope of your responsibilities, and the organization you obtained this experience from. If none, please type "N/A".
Required Question
Agency Information
- Employer
- County of Orange
- Address
-
400 W CIVIC CENTER DRIVE
Santa Ana, California, 92701
- Phone
- 714-834-2555
- Website
-
https://hrs.oc.gov