Adversary Emulation Manager

The Department of Information Technology (DoIT) leads the State in the creation and implementation of information technology solutions that improve IT infrastructure and government services and keep Maryland current within IT industry trends.

STD 0024

Dept. of Information Technology (DoIT)

The Adversary Emulation Manager serves as the focal point and manager of all proactive testing across the State to include penetration testing, red team activities, purple team activities, vulnerability disclosure, and adversary emulation. The Adversary Emulation Manager will develop and provide governance and oversight of the state Adversary Emulation Program. The role will be responsible for developing the standards of technical assessments conducted across the State, overseeing the scheduling and planning of testing, and ensuring test coverage across the State on a regular basis, including coordination with state agency IT and cybersecurity leadership. The Adversary Emulation Manager will define the Adversary Emulation Program, document all aspects of the program, and manage the delivery of services across the State. This role will work jointly with leaders across DoIT, OSM, and the Cyber Resilience portfolio to ensure that results of testing and lessons learned are incorporated into the State’s defensive cyber posture. The role will also support incident response in complex and unique events that might indicate the presence of a threat actor within State systems, networks, or applications (i.e. networkMaryland).

This role aligns with the mission of DoIT and the Office of Security Management to ensure the security of the State’s information networks. This role is responsible for identifying complex vulnerabilities, system deficiencies, misconfigurations, and security gaps that adversaries might take advantage of, and ensuring that defensive operators have the information and tools required to mitigate these vulnerabilities.

***This is a management service position which serves at the pleasure of the appointing authority***

Job Duties

Design and document the State Adversary Emulation Program. Develop policies, standards, guidelines, processes, and procedures for the Program.

Direct the scheduling and scoping of engagements, direct and provide oversight of technical assessments across State government entities. Coordinate engagements with DoIT and Executive Branch Agency leadership. Prepare associated reports for operational staff and Executive leadership. Develop remediation guidance for assessment findings.

Serve as the subject matter expert for adversary emulation activities, including tactics, techniques, and procedures (TTP) of malicious cyber adversaries, tools used to attack IT systems, and frameworks categorizing cyber-attacks (i.e. MITRE ATT&CK).

Direct the planning and execution of training exercises for DoIT, OSM, and Cyber Resilience to develop personnel expertise in common attack techniques and drill response processes.

Direct the research of vulnerabilities, novel attack and exploitation techniques, and exploitation trends and share insight with Cyber Resilience portfolio to drive improvements in threat intelligence, incident detection, and incident response processes.

Respond as part of the cyber incident response team to events as the subject matter expert on attack and exploitation. Provide SME guidance to incident responders to assist with mitigation of cyber-attacks.

Four years’ experience conducting three or more of the following types of penetration testing or technical assessments: network (external & internal), cloud, web application, mobile, embedded device, OT / ICS / SCADA, social engineering, red team, purple team, or physical security assessments.

At least one year of the four years’ experience required should be in leading/managing penetration testing or technical assessments of the previously defined types.

Demonstrated proficiency in using a variety of penetration testing / technical assessment tools and techniques, knowledge of common vulnerabilities and weaknesses and corresponding remediating / mitigating controls, knowledge of threats, and knowledge of general IT concepts such as basic networking and Active Directory.

Experience performing threat analysis and modeling.

Experience managing teams of security professionals delivering technical services such as penetration testing, technical assessments, incident response, security monitoring, vulnerability assessments, or similar.

Experience in IT Operations roles such as helpdesk, infrastructure, or networking, or in Software Development roles. Relevant certifications such as OSCP, OSEP, OSWE, and similar are highly desirable. Certifications such as CEH, GPEN, CISSP, or similar will also be considered.

The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.

STATE OF MARYLAND BENEFITS

Online applications are highly recommended. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Department of Budget and Management, Recruitment and Examination Division, 301 W. Preston St., Baltimore, MD 21201. Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.

For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at Application.Help@maryland.gov or 410-767-4850, MD TTY Relay Service 1-800-735-2258.

We thank our Veterans for their service to our country.

People with disabilities and bilingual candidates are encouraged to apply.

As an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.