State of Maryland

SKILLED SERVICE     BARGAINING UNIT: G    

A Department of Information Technology (DoIT) Cybersecurity Systems Administrator, Lead/Advanced is the lead or advanced level of work performing the day-to-day management of the tools and systems that support security operations in the Office of Security Management (OSM). At the Lead level, employees in this classification assign, review and approve the work of and train lower-level DoIT – Cybersecurity Systems Administrators. At the Advanced level, employees in this classification serve as a project lead or address the most complex tasks and escalated issues prior to engaging a higher-level IT manager or director. Employees in this classification do not supervise.

Employees in this classification receive general supervision from the Director of Security Operations or another designated administrator.

Positions in this classification are evaluated using the Classification Job Evaluation Methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of a class specification.

This position may require work outside of regular business hours, and work in an on-call capacity.

The DoIT Cybersecurity Systems Administrator I and DoIT Cybersecurity Systems Administrator II are differentiated on the basis of supervisory control by the supervisor over these employees. The DoIT Cybersecurity Systems Administrator I performs duties under close supervision at times and under general supervision at other times depending on the complexity of the specific duty being performed, and the Doit Cybersecurity Systems Administrator II performs the full range of duties under general supervision. The DoIT Cybersecurity Systems Administrator II is differentiated from the DoIT Cybersecurity Systems Administrator, Lead/Advanced in that the DoIT Cybersecurity Systems Administrator, Lead/Advanced assigns, reviews and approves the work of and trains lower-level DoIT Cybersecurity Systems Administrators or serves as a project lead or addresses the most complex tasks and escalated issues prior to engaging a higher-level IT manager or director. 

When functioning at the Lead level:

Assigns, reviews, and approves the work of lower-level DoIT Cybersecurity System Administrators. 

Trains lower-level DoIT Cybersecurity System Administrators;

When Functioning at the Advanced Level:

Serves as project lead or technical expert in one or more areas of design, installing, maintaining/repair, monitoring and problem solving of network functions and compatibility.

When Functioning at Both Levels:

Conducts functional and connectivity testing to ensure continuing operability.

Designs group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs;

Develops and documents systems administration standard operating procedures;

Maintains baseline system security according to organizational policies;

Manages accounts, network rights, and access to systems and equipment;

Plans, executes, and verifies data redundancy and system recovery procedures;

Provides ongoing optimization and problem-solving support;

Installs, updates, and troubleshoots systems/servers;

Checks system hardware availability, functionality, integrity, and efficiency;

Conducts periodic system maintenance including cleaning (both physically and electronically), disk checks, routine reboots, data dumps, and testing;

Complies with organization systems administration standard operating procedures;

Implements and enforces local network usage policies and procedures;

Manages system/server resources including performance, capacity, availability, serviceability, and recoverability;

Monitors and maintains system/server configuration;

Oversees installation, implementation, configuration, and support of system components;

Diagnoses faulty system/server hardware;

Performs repairs on faulty system/server hardware;

Troubleshoots hardware/software interface and interoperability problems;

Performs other related duties.

Knowledge of computer networking concepts and protocols, and network security methodologies; Knowledge of risk management processes (e.g., methods for assessing and mitigating risk); Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy; Knowledge of cybersecurity and privacy principles; Knowledge of cyber threats and vulnerabilities; Knowledge of specific operational impacts of cybersecurity lapses; Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption); Knowledge of local area and wide area networking principles and concepts including bandwidth management; Knowledge of measures or indicators of system performance and availability; Knowledge of performance tuning tools and techniques; Knowledge of server and client operating systems; Knowledge of systems administration concepts; Knowledge of the enterprise information technology (IT) architecture; Knowledge of the type and frequency of routine hardware maintenance; Knowledge of Virtual Private Network (VPN) security; Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]); Knowledge of virtualization technologies and virtual machine development and maintenance; Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control); Knowledge of system administration, network, and operating system hardening techniques; Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth); Knowledge of Personally Identifiable Information (PII) data security standards; Knowledge of Payment Card Industry (PCI) data security standards; Knowledge of Personal Health Information (PHI) data security standards; Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly; Knowledge of systems engineering theories, concepts, and methods; Knowledge of system/server diagnostic tools and fault identification techniques; Knowledge of operating system command-line tools; Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services; Knowledge of principles and methods for integrating system components.

Skill in configuring and optimizing software; Skill in diagnosing connectivity problems; Skill in maintaining directory services. (e.g., Microsoft Active Directory, LDAP, etc.); Skill in using virtual machines. (e.g., Microsoft Hyper-V, VMWare vSphere, Citrix XenDesktop/Server, Amazon Elastic Compute Cloud, etc.); Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software, anti-spyware); Skill in interfacing with customers; Skill in conducting system/server planning, management, and maintenance; Skill in correcting physical and technical problems that impact system/server performance; Skill in troubleshooting failed system components (i.e., servers); Skill in identifying and anticipating system/server performance, availability, capacity, or configuration problems; Skill in installing system and component upgrades. (i.e., servers, appliances, network devices); Skill in monitoring and optimizing system/server performance; Skill in recovering failed systems/servers. (e.g., recovery software, failover clusters, replication, etc.); Skill in operating system administration. (e.g., account maintenance, data backups, maintain system performance, install and configure new hardware/software).

Ability to conduct a comprehensive assessment of the management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine the effectiveness of the controls (i.e., the extent to which the security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system); Ability to ensure that functional and security requirements are appropriately addressed in a contract and that the contractor meets the functional and security requirements as stated in the contract.

Experience: Fourteen years of experience in an IT position with primary responsibility that includes network management, server management, or security operations.  At least one year of specialized experience managing specific security tools and systems.

Notes:

1. Candidates may substitute a bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field for up to four years of the required experience.

2. Candidates may substitute the “Education” requirement listed above, for a High School Diploma or possession of a High School Equivalency certificate and two additional years of experience as described above.

3. Candidates may substitute the “Experience” requirement listed above for a graduate level degree in Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering or related field.

Must have an Information Assurance Architecture and Engineering (IASAE) level 3 certification as described on the Maryland Department of Information Technology website.

Employees in this classification may be subject to call-in 24 hours a day and, therefore, may be required to provide the employing agency with a telephone number where the employee can be reached. Employees may be furnished with a pager or cell phone.

Applicants for this classification may handle sensitive data. This will require a full scope background investigation prior to appointment. A criminal conviction may be grounds for rejection of the applicant.

Employees may occasionally be required to travel to field locations and must have access to an automobile in the event a state vehicle cannot be provided. Standard mileage allowance will be paid for use of a privately owned vehicle.

Class Descriptions are broad descriptions covering groups of positions used by various State departments and agencies.  Position descriptions maintained by the using department or agency specifically address the essential job functions of each position. 

This is a Skilled Service classification in the State Personnel Management System. All positions in this classification are Skilled Service positions. Some positions in Skilled Service classifications may be designated Special Appointment in accordance with the State Personnel and Pensions Article, Section 6-405, Annotated Code of Maryland.

This classification is assigned to Bargaining Unit G, Engineering, Scientific and Administrative Professionals classes. As provided by the State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and all positions in those agencies are excluded from collective bargaining.

July 1, 2021

Director, Division of Classification and Salary