- Hourly / - BiWeekly /
- Monthly / $95,991.00-$154,928.00 Yearly
SKILLED
SERVICE BARGAINING UNIT:
G NCP
Knowledge of computer networking
concepts and protocols, and network security methodologies;
Knowledge of risk
management processes (e.g., methods for assessing and mitigating risk);
Knowledge of laws,
regulations, policies, and ethics as they relate to cybersecurity and privacy;
Knowledge of cybersecurity
and privacy principles;
Knowledge of cyber threats
and vulnerabilities;
Knowledge of specific
operational impacts of cybersecurity lapses;
Knowledge of data backup
and recovery;
Knowledge of business
continuity and disaster recovery continuity of operations plans;
Knowledge of host/network
access control mechanisms (e.g., access control list, capabilities);
Knowledge of network
services and protocols interactions that provide network communications;
Knowledge of incident categories,
incident responses, and timelines for responses;
Knowledge of incident
response and handling methodologies;
Knowledge of intrusion
detection methodologies and techniques for detecting host and network-based
intrusions;
Knowledge of network
traffic analysis methods;
Knowledge of packet-level
analysis;
Knowledge of system and
application security threats and vulnerabilities (e.g., buffer overflow, mobile
code, cross-site scripting, Procedural Language/Structured Query Language
[PL/SQL] and injections, race conditions, covert channel, replay,
return-oriented attacks, malicious code);
Knowledge of what
constitutes a network attack and a network attack’s relationship to both
threats and vulnerabilities;
Knowledge of cyber defense
and information security policies, procedures, and regulations;
Knowledge of different
classes of attacks (e.g., passive, active, insider, close-in, distribution
attacks);
Knowledge of cyber
attackers (e.g., script kiddies, insider threat, non-nation state sponsored,
and nation sponsored);
Knowledge of system
administration, network, and operating system hardening techniques;
Knowledge of cyber-attack
stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation
of privileges, maintaining access, network exploitation, covering tracks);
Knowledge of network
security architecture concepts including topology, protocols, components, and
principles (e.g., application of defense-in-depth);
Knowledge of OSI model and
underlying network protocols (e.g., TCP/IP);
Knowledge of cloud service
models and how those models can limit incident response;
Knowledge of malware
analysis concepts and methodologies;
Knowledge of an
organization's information classification program and procedures for
information compromise;
Knowledge of network
protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS),
and directory services. K0565 Knowledge of the common networking and routing
protocols (e.g. TCP/IP), services (e.g., web, mail, Domain Name System (DNS),
and how they interact to provide network communications;
Knowledge of Application
Security Risks (e.g. Open Web Application Security Project Top 10 list);
Skill in identifying,
capturing, containing, and reporting malware;
Skill in preserving
evidence integrity according to standard operating procedures or national
standards;
Skill in securing network
communications;
Skill in recognizing and
categorizing types of vulnerabilities and associated attacks;
Skill in protecting a
network against malware. (e.g., NIPS, anti-malware, restrict/prevent external
devices, spam filters);
Skill in performing damage
assessments;
Skill in using security
event correlation tools;
Skill in designing incident
response for cloud service models;
Ability to design incident
response for cloud service models;
Ability to apply techniques
for detecting host and network-based intrusions using intrusion detection
technologies.
Education: A bachelor’s degree in
computer science, cybersecurity, information technology, software engineering,
information systems, computer engineering or related field.
Experience: Five years of
experience in malware analysis,
digital forensics, data/network analysis, information assurance technician, and
incident handling.
Notes:
1. Candidates may substitute
the “Education” requirement listed above, for a High School Diploma or
possession of a High School Equivalency certificate and two additional years of
experience as described above.
2. Candidates may substitute up to two
years of the “Experience” requirement listed above for a graduate level degree in
computer science, cybersecurity, information technology, software engineering,
information systems, computer engineering or related field from an accredited
college or university.
Must have a Cyber Security Service Provider (CSSP) Incident
Responder certification, as described on the Maryland Department of Information
Technology website.
1. Employees in this classification may be subject to call-in 24
hours a day and, therefore, may be required to provide the employing agency
with a telephone number where the employee can be reached. Employees may be
furnished with a pager or cell phone.
2. Applicants for this classification may handle
sensitive data. This will require a full
scope background investigation prior to appointment. A criminal conviction may be grounds for
rejection of the applicant.
3. Employees
may occasionally be required to travel to field locations and must have access
to an automobile in the event a state vehicle cannot be provided. Standard
mileage allowance will be paid for use of a privately owned vehicle.
July 1, 2021
Director, Division of
Classification and Salary