State of Maryland
DOIT NETWORK OPERATIONS SPECIALIST I (#004737)
- Hourly / - BiWeekly /
- Monthly / $89,913.00-$145,151.00 Yearly
Notify Me when a Job Opens for the above position(s)GRADE
STD 0022
CLASS ATTRIBUTES
SKILLED
SERVICE BARGAINING UNIT:
G NCP
NATURE OF WORK
A Department of Information Technology (DoIT) Network
Operations Specialist I is the intermediate level of work in the Office of
Security Management (OSM) and is tasked with day-to-day management of the
firewalls and other network-based components that support security operations.
Employees in this classification receive moderate
supervision from the Director of Security Operations or another designated
administrator. Positions in this
classification do not supervise.
Positions in this classification are evaluated using the
Classification job evaluation methodology.
The use of this method involves comparing the assigned duties and
responsibilities of a position to the job criteria found in the Nature of Work
and Examples of Work sections of a class specification.
This position may require work outside of regular
business hours, and work in an on-call capacity.
The DoIT Network Operations Specialist I and
the DoIT Network Operations Specialist II are differentiated on the basis of
supervisory control exercised by the supervisor over these employees. The DoIT Network Operations Specialist I
performs a limited range of duties under moderate supervision and the DoIT -
Network Operations Specialist II performs the full range of duties under general
supervision. The DoIT Network Operations
Specialist II differs from the DoIT Network Operations Specialist Lead/Advanced
in that the DoIT Network Operations Specialist Ld/Adv
serves as a project lead or addresses the most complex
tasks and handles escalated issues prior to engaging a higher-level IT director
or they may lead lower-level DoIT Network
Operations Specialists.
EXAMPLES OF WORK
Configures and optimizes network hubs, routers,
and switches (e.g., higher-level protocols, tunneling);
Develops and implements network backup and
recovery procedures;
Diagnoses network connectivity problems;
Implements new system design procedures, test
procedures, and quality standards;
Installs and maintains network infrastructure
device operating system software (e.g., IOS, firmware);
Installs or replaces network hubs, routers, and
switches;
Integrates new systems into existing network
architecture;
Monitors network capacity and performance;
Patches network vulnerabilities to ensure that
information is safeguarded against outside parties;
Provides feedback on network requirements,
including network architecture and infrastructure;
Tests and maintains network infrastructure
including software and hardware devices;
Performs other related duties.
KNOWLEDGE, SKILLS AND ABILITIES
Knowledge of computer networking concepts and
protocols, and network security methodologies;
Knowledge of risk management
processes (e.g., methods for assessing and mitigating risk);
Knowledge of laws,
regulations, policies, and ethics as they relate to cybersecurity and privacy;
Knowledge of cybersecurity and privacy principles; Knowledge of cyber threats
and vulnerabilities;
Knowledge of specific operational impacts of cybersecurity
lapses;
Knowledge of communication methods, principles, and concepts that
support the network infrastructure;
Knowledge of capabilities and applications
of network equipment including routers, switches, bridges, servers,
transmission media, and related hardware;
Knowledge of organization's Local and
Wide Area Network connections;
Knowledge of cybersecurity and privacy
principles used to manage risks related to the use, processing, storage, and
transmission of information or data;
Knowledge of information technology (IT)
security principles and methods (e.g., firewalls, demilitarized zones,
encryption);
Knowledge of local area and wide area networking principles and
concepts including bandwidth management;
Knowledge of measures or indicators of
system performance and availability;
Knowledge of how traffic flows across the
network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP],
Open System Interconnection Model [OSI], Information Technology Infrastructure
Library, current version [ITIL]);
Knowledge of remote access technology
concepts;
Knowledge of server administration and systems engineering theories,
concepts, and methods; Knowledge of telecommunications concepts (e.g.,
Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing);
Knowledge of Virtual Private Network (VPN) security;
Knowledge of concepts,
terminology, and operations of a wide range of communications media (computer
and telephone networks, satellite, fiber, wireless);
Knowledge of network tools
(e.g., ping, traceroute, nslookup);
Knowledge of different types of network
communication (e.g., LAN, WAN, MAN, WLAN, WWAN);
Knowledge of web filtering
technologies;
Knowledge of the capabilities of different electronic
communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct
Video Broadcasts);
Knowledge of the range of existing networks (e.g., PBX,
LANs, WANs, WIFI, SCADA);
Knowledge of Wi-Fi;
Knowledge of Voice over IP
(VoIP);
Knowledge of the common attack vectors on the network layer;
Knowledge
of network security architecture concepts including topology, protocols,
components, and principles (e.g., application of defense-in-depth);
Knowledge
of network systems management principles, models, methods (e.g., end-to-end
systems performance monitoring), and tools;
Knowledge of service management
concepts for networks and related standards (e.g., Information Technology
Infrastructure Library, current version [ITIL]);
Knowledge of symmetric key
rotation techniques and concepts;
Knowledge of security models (e.g.,
Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model);
Knowledge of Personally Identifiable Information (PII) data security standards;
Knowledge of Payment Card Industry (PCI) data security standards;
Knowledge of
Personal Health Information (PHI) data security standards;
Knowledge of
transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID),
Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular,
satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques
that enable transmission of undesirable information, or prevent installed
systems from operating correctly;
Knowledge of an organization's information
classification program and procedures for information compromise;
Knowledge of
network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name
System (DNS), and directory services;
Knowledge of controls related to the use,
processing, storage, and transmission of data.
Skill in analyzing network traffic capacity and
performance characteristics;
Skill in establishing a routing schema;
Skill in
implementing, maintaining, and improving established network security
practices;
Skill in installing, configuring, and troubleshooting LAN and WAN
components such as routers, hubs, and switches;
Skill in using network
management tools to analyze network traffic patterns (e.g., simple network
management protocol); Skill in securing network communications;
Skill in
protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent
external devices, spam filters);
Skill in configuring and utilizing network
protection components (e.g., Firewalls, VPNs, network intrusion detection
systems);
Skill in implementing and testing network infrastructure contingency
and recovery plans;
Skill in sub-netting;
Skill in configuring and utilizing
computer protection components (e.g., hardware firewalls, servers, routers, as
appropriate).
Ability to operate network equipment including
hubs, routers, switches, bridges, servers, transmission media, and related
hardware;
Ability to operate common network tools (e.g., ping, traceroute,
nslookup);
Ability to execute OS command line (e.g., ipconfig, netstat, dir,
nbtstat);
Ability to operate the organization's LAN/WAN pathways;
Ability to
monitor measures or indicators of system performance and availability;
Ability
to operate different electronic communication systems and methods (e.g.,
e-mail, VOIP, IM, web forums, Direct Video Broadcasts);
Ability to monitor
traffic flows across the network;
Ability to interpret the information
collected by network tools (e.g. Nslookup, Ping, and Traceroute).
MINIMUM QUALIFICATIONS
Experience: Four years of experience in information security and/or automated digital network systems (ADNS), which includes network management, server management, or security operations.
Notes:
1. Candidates may substitute the possession of a Bachelor's degree in computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering or related field and two years of experience in information security and/or automated digital network systems (ADNS), which includes network management, server management, or security operations for the required experience.
2. Candidates may substitute the possession of a graduate level degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for the required experience.
LICENSES, REGISTRATIONS AND CERTIFICATIONS
Must have an Information
Assurance Technical (IAT) level 2 or higher certification and a certification
associated with the methodologies and processes as described on the Maryland Department
of Information Technology website.
SPECIAL REQUIREMENTS
Employees in this classification may be subject to
call-in 24 hours a day and, therefore, may be required to provide the employing
agency with a telephone number where the employee can be reached. Employees may
be furnished with a pager or cell phone.
Applicants for this classification may handle sensitive
data. This will require a full scope background investigation prior to
appointment. A criminal conviction may be grounds for rejection of the
applicant.
Employees may occasionally be required to travel to field
locations and must have access to an automobile in the event a state vehicle
cannot be provided. Standard mileage allowance will be paid for use of a
privately owned vehicle.
ACKNOWLEDGEMENTS
Class
Descriptions are broad descriptions covering groups of positions used by
various State departments and agencies. Position descriptions maintained
by the using department or agency specifically address the essential job
functions of each position.
This is a Skilled Service
classification in the State Personnel Management System. All positions in this
classification are Skilled Service positions. Some positions in Skilled Service
classifications may be designated Special Appointment in accordance with the
State Personnel and Pensions Article, Section 6-405, Annotated Code of
Maryland.
This classification is assigned to Bargaining Unit G, Engineering, Scientific
and Administrative Professionals classes. As provided by the State Personnel
and Pensions Article, Section 3-102, special appointment, temporary,
contractual, supervisory, managerial and confidential employees are excluded
from collective bargaining. Additionally, certain executive branch agencies are
exempt from collective bargaining and all positions in those agencies are
excluded from collective bargaining.
This classification is one
level in a Non-Competitive Promotion (NCP) series. NCP promotions are
promotions by which employees may advance in grade and class level from trainee
to full performance level in a classification series. In order to be
non-competitively promoted to the next level in a NCP series, an employee must:
1) perform the main purpose of the class, as defined by the Nature of Work
section of the class specification; 2) receive the type of supervision defined
in the class specification and 3) meet the minimum qualifications of the
classification.
Date Established
July 1, 2021
Date Revised
July 1, 2024
January 6, 2022
Approved By
Director, Division of
Classification and Salary
CLASS: 004737; EST: 7/1/2021; REV: 1/6/2022;
