State of Maryland

SKILLED SERVICE         BARGAINING UNIT: G         

A Department of Information Technology (DoIT) Network Operations Specialist Lead/Advanced is the lead or advanced level of work in the Office of Security Management (OSM) and is tasked with day-to-day management of the firewalls and other network-based components that support security operations. Employees in this classification either assign, review, approve the work and train lower level DoIT Network Operations Specialists, or perform advanced level duties that include serve as a project lead or address the most complex tasks and escalated issues prior to engaging a higher-level IT manager or director.

Employees in this classification receive general supervision from the Director of Security Operations or another designated administrator.  Positions in this classification do not supervise.

Positions in this classification are evaluated using the Classification job evaluation methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of a class specification.

This position may require work outside of regular business hours, and work in an on-call capacity.

The DoIT Network Operations Specialist I and the DoIT Network Operations Specialist II are differentiated on the basis of supervisory control exercised by the supervisor over these employees.  The DoIT Network Operations Specialist I performs a limited range of duties under moderate supervision and the DoIT Network Operations Specialist II performs the full range of duties under general supervision.  The DoIT Network Operations Specialist II differs from the DoIT Network Operations Specialist Lead/Advanced in that the DoIT Network Operations Specialist Lead/Advanced serves as a project lead or addresses the most complex tasks and escalated issues prior to engaging a higher-level IT manager or director or lead lower-level DoIT Network Operations Specialists.

When functioning at the Lead level:

Assigns, reviews, and approves the work of DoIT Network Operations Specialists;

Trains DoIT Network Operations Specialists.

When Functioning at the Advanced Level:

Serves as project lead or technical expert in:

Configuring and optimizing network hubs, routers, and switches (e.g., higher-level protocols, tunneling);

Implements new system design procedures, test procedures, and quality standards.

When Functioning at Both Levels:

Configures and optimizes network hubs, routers, and switches (e.g., higher-level protocols, tunneling);

Develops and implements network backup and recovery procedures.

Diagnoses network connectivity problems.

Implements new system design procedures, test procedures, and quality standards;

Installs and maintains network infrastructure device operating system software (e.g., IOS, firmware);

Installs or replaces network hubs, routers, and switches;

Integrates new systems into existing network architecture.

Monitors network capacity and performance;

Patches network vulnerabilities to ensure that information is safeguarded against outside parties;

Provides feedback on network requirements, including network architecture and infrastructure;

Tests and maintains network infrastructure including software and hardware devices;

Performs other related duties.

Knowledge of computer networking concepts and protocols, and network security methodologies; Knowledge of risk management processes (e.g., methods for assessing and mitigating risk); Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy; Knowledge of cybersecurity and privacy principles; Knowledge of cyber threats and vulnerabilities; Knowledge of specific operational impacts of cybersecurity lapses; Knowledge of communication methods, principles, and concepts that support the network infrastructure; Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware; Knowledge of organization's Local and Wide Area Network connections; Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data; Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption); Knowledge of local area and wide area networking principles and concepts including bandwidth management; Knowledge of measures or indicators of system performance and availability; Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]); Knowledge of remote access technology concepts; Knowledge of server administration and systems engineering theories, concepts, and methods; Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing); Knowledge of Virtual Private Network (VPN) security; Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless); Knowledge of network tools (e.g., ping, traceroute, nslookup); Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN); Knowledge of web filtering technologies; Knowledge of the capabilities of different electronic communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct Video Broadcasts); Knowledge of the range of existing networks (e.g., PBX, LANs, WANs, WIFI, SCADA); Knowledge of Wi-Fi; Knowledge of Voice over IP (VoIP); Knowledge of the common attack vectors on the network layer; Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth); Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools; Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]); Knowledge of symmetric key rotation techniques and concepts; Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model); Knowledge of Personally Identifiable Information (PII) data security standards; Knowledge of Payment Card Industry (PCI) data security standards; Knowledge of Personal Health Information (PHI) data security standards; Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly; Knowledge of an organization's information classification program and procedures for information compromise; Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services; Knowledge of controls related to the use, processing, storage, and transmission of data.

Skill in analyzing network traffic capacity and performance characteristics; Skill in establishing a routing schema; Skill in implementing, maintaining, and improving established network security practices; Skill in installing, configuring, and troubleshooting LAN and WAN components such as routers, hubs, and switches; Skill in using network management tools to analyze network traffic patterns (e.g., simple network management protocol); Skill in securing network communications; Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters); Skill in configuring and utilizing network protection components (e.g., Firewalls, VPNs, network intrusion detection systems); Skill in implementing and testing network infrastructure contingency and recovery plans; Skill in sub-netting; Skill in configuring and utilizing computer protection components (e.g., hardware firewalls, servers, routers, as appropriate).

Ability to operate network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware; Ability to operate common network tools (e.g., ping, traceroute, nslookup); Ability to execute OS command line (e.g., ipconfig, netstat, dir, nbtstat); Ability to operate the organization's LAN/WAN pathways; Ability to monitor measures or indicators of system performance and availability; Ability to operate different electronic communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct Video Broadcasts); Ability to monitor traffic flows across the network; Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).

Experience: Fourteen years of experience in information security and/or automated digital network systems (ADNS), which includes network management, server management, or security operations.

Notes:

1. Candidates may substitute the possession of a graduate degree in computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering or related field from an accredited college or university and ten years of experience in information security and/or automated digital network systems (ADNS), which includes network management, server management, or security operations for the required experience.

2. Candidates may substitute the possession of a Ph. D degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university and eight years of experience in information security and/or automated digital network systems (ADNS), which includes network management, server management, or security operations for the required experience.

Must have an Information Assurance Architecture & Engineering certification (IASAE) level III or higher and a certification associated with the methodologies and processes as described on the Maryland Department of Information Technology website.

Employees in this classification may be subject to call-in 24 hours a day and, therefore, may be required to provide the employing agency with a telephone number where the employee can be reached. Employees may be furnished with a pager or cell phone.

Applicants for this classification may handle sensitive data. This will require a full scope background investigation prior to appointment. A criminal conviction may be grounds for rejection of the applicant.

Employees may occasionally be required to travel to field locations and must have access to an automobile in the event a state vehicle cannot be provided. Standard mileage allowance will be paid for use of a privately owned vehicle.

Class Descriptions are broad descriptions covering groups of positions used by various State departments and agencies.  Position descriptions maintained by the using department or agency specifically address the essential job functions of each position. 

This is a Skilled Service classification in the State Personnel Management System. All positions in this classification are Skilled Service positions. Some positions in Skilled Service classifications may be designated Special Appointment in accordance with the State Personnel and Pensions Article, Section 6-405, Annotated Code of Maryland.

This classification is assigned to Bargaining Unit G, Engineering, Scientific and Administrative Professionals classes. As provided by the State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and all positions in those agencies are excluded from collective bargaining.

July 1, 2021

Director, Division of Classification and Salary