Salary: $109,247.00-$176,552.00 Yearly (hourly, biweekly and monthly rates not listed)
MANAGEMENT SERVICE
BARGAINING UNIT: M
A Department of Information Technology (DoIT) Cyber Defense Incident Responder Manager is the managerial level of work in the Office of Security Management (OSM) and is tasked with daily management of the Security Operations Center, which includes providing tasking and direct oversight of multiple groups within the unit. Additional responsibilities include handling escalated security incidents and supporting the investigation and remediation of these events, proactive threat hunting, capability development, and operational continuous improvement. Positions in this classification supervise lower-level DoIT Cyber Defense Incident Responders.
Employees in this classification receive managerial supervision from an Executive Cyber Leadership Director.
Position placement in this classification is determined by the Classification Job Evaluation Methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of a classification specification.
The DoIT Cyber Defense Incident Responder Manager differs from the DoIT Cyber Defense Incident Responder Ld/Adv in that the DoIT Cyber Defense Incident Responder Ld/Adv handles cases of a more complex nature or leads lower-level DoIT Cyber Defense Incident Responders, while the DoIT Cyber Defense Incident Responder Manager has supervisory responsibility for lower-level DoIT Cyber Defense Incident Responders and is responsible for the daily management of the Security Operations Center.
Plans, coordinates, supervises, and evaluates the work of DoIT Cyber Defense Incident Responders and related support staff;
Supervises subordinate staff involved with the management of the Security Operations Center, including handling escalated security incidents and supporting investigation and remediation of these events, proactive threat hunting, capability development, and operational continuous improvement;
Assigns and reviews work for completeness, accuracy, the application of and compliance with State and federal policy, procedures, laws, rules and regulations;
Plans and controls workload to assure accuracy and compliance;
Analyzes work to determine causes of errors, and recommends and implements corrective actions, and policy and procedural changes when necessary;
Trains staff in work management and technical areas of the work;
Coordinates and provides expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents;
Correlates incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation;
Performs analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security;
Performs cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation;
Performs cyber defense trend analysis and reporting;
Performs initial, forensically sound collection of images and inspects them to discern possible mitigation/remediation on enterprise systems;
Performs real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs);
Receives and analyzes network alerts from various sources within the enterprise and determines possible causes of such alerts;
Tracks and documents cyber defense incidents from initial detection through final resolution;
Writes and publishes cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies;
Employs approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness);
Collects intrusion artifacts (e.g., source code, malware, Trojans) and uses discovered data to enable mitigation of potential cyber defense incidents within the enterprise;
Serves as technical expert and liaison to law enforcement personnel and explains incident details as required;
Coordinates with intelligence analysts to correlate threat assessment data;
Writes and publishes after action reviews;
Monitors external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise;
Coordinates incident response functions;
Performs other related duties.
Specific educational and experience requirements are set by the agency based on the essential job functions assigned to the position.
Class Descriptions are broad descriptions covering groups of positions used by various State departments and agencies. Position descriptions maintained by the using department or agency specifically address the essential job functions of each position.
Class Descriptions provide information about the Nature of Work, Examples of Work, General Requirements and Acknowledgements. The Required Knowledge, Skills, and Abilities; Minimum Education and Experience Requirements; Special Requirements; and recruitment and testing procedures are set by the using agency.
This is a Management Service classification in the State Personnel Management System. All positions in this classification are Management Service positions.
This classification is not assigned to a bargaining unit, as indicated by the designation of S (Supervisor), M (Manager), T (Agency Head), U (Board or Commission Member), W (Student), X (Used by Agency or Excluded by Executive Order), or Z (Confidential). As provided by State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and all positions in those agencies are excluded from collective bargaining.