$102,170.00 - $171,409.00 Yearly
MANAGEMENT SERVICE
BARGAINING UNIT: M
A Department of Information Technology (DoIT) Cyber Defense Incident Responder Manager is the managerial level of work in the Office of Security Management (OSM) and is tasked with the daily management of the Security Operations Center, which includes providing tasking and direct oversight of multiple groups within the unit. Additional responsibilities include handling escalated security incidents and supporting the investigation and remediation of these events, proactive threat hunting, capability development, and operational continuous improvement. Positions in this classification supervise lower-level DoIT Cyber Defense Incident Responders.
Employees in this classification receive managerial supervision from an Executive Cyber Leadership Director.
Position placement in this classification is determined by the Classification Job Evaluation Methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of a classification specification.
The DoIT Cyber Defense Incident Responder Manager differs from the DoIT Cyber Defense Incident Responder Ld/Adv in that the DoIT Cyber Defense Incident Responder Ld/Adv handles cases of a more complex nature or leads lower-level DoIT Cyber Defense Incident Responders, while the DoIT Cyber Defense Incident Responder Manager has supervisory responsibility for lower-level DoIT Cyber Defense Incident Responders and is responsible for the daily management of the Security Operations Center.
- Plans, coordinates, supervises, and evaluates the work of DoIT Cyber Defense Incident Responders and related support staff;
- Supervises subordinate staff involved with the management of the Security Operations Center, including handling escalated security incidents and supporting investigation and remediation of these events, proactive threat hunting, capability development, and operational continuous improvement;
- Assigns and reviews work for completeness, accuracy, and the application of and compliance with State and federal policy, procedures, laws, rules and regulations;
- Plans and controls workload to assure accuracy and compliance;
- Analyzes work to determine causes of errors, and recommends and implements corrective actions and policy and procedural changes when necessary;
- Trains staff in work management and technical areas of the work;
- Coordinates and provides expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents;
- Correlates incident data to identify specific vulnerabilities and makes recommendations that enable expeditious remediation;
- Performs analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security;
- Performs cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation;
- Performs cyber defense trend analysis and reporting;
- Performs initial, forensically sound collection of images and inspects them to discern possible mitigation/remediation on enterprise systems;
- Performs real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs);
- Receives and analyzes network alerts from various sources within the enterprise and determines possible causes of such alerts;
- Tracks and documents cyber defense incidents from initial detection through final resolution;
- Writes and publishes cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies;
- Employs approved defense-in-depth principles and practices (e.g., defense in multiple places, layered defenses, security robustness);
- Collects intrusion artifacts (e.g., source code, malware, Trojans) and uses discovered data to enable mitigation of potential cyber defense incidents within the enterprise;
- Serves as technical expert and liaison to law enforcement personnel and explains incident details as required;
- Coordinates with intelligence analysts to correlate threat assessment data;
- Writes and publishes after action reviews;
- Monitors external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise;
- Coordinates incident response functions;
- Performs other related duties.
Specific educational and experience requirements are set by the agency based on the essential job functions assigned to the position.
Class Descriptions are broad descriptions covering groups of positions used by various State departments and agencies. Position descriptions maintained by the using department or agency specifically address the essential job functions of each position.
Class Descriptions provide information about the Nature of Work, Examples of Work, General Requirements and Acknowledgements. The Required Knowledge, Skills, and Abilities; Minimum Education and Experience Requirements; Special Requirements; and recruitment and testing procedures are set by the using agency.
This is a Management Service classification in the State Personnel Management System. All positions in this classification are Management Service positions.
This classification is not assigned to a bargaining unit, as indicated by the designation of S (Supervisor), M (Manager), T (Agency Head), U (Board or Commission Member), W (Student), X (Used by Agency or Excluded by Executive Order), or Z (Confidential). As provided by State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining, and all positions in those agencies are excluded from collective bargaining.