Skip to Main Content

Cybersecurity Defense Analyst


Recruitment #22-004476-0003


The Maryland State Retirement Agency is the administrator of the Maryland State Retirement and Pension System (“System”). The System is a defined benefit retirement system covering governmental employees within the State of Maryland. The System is a multi-employer, public employees’ defined benefit retirement system composed of twelve (12) separate retirement and pension systems with over 50 different rule sets.  The System has over 397,000 participants (customers), including 192,000 members who are actively employed and participating in the System, 165,000 payees who receive a monthly payment from the System, and 40,000 vested members who are no longer actively employed but have earned a benefit that will become payable at a future date.




120 E. Baltimore Street

Baltimore, MD 21202

Main Purpose of Job

This position provides senior technical knowledge and support in the Agency’s Information Systems Division – a team that enjoys a positive reputation for getting work accomplished. The incumbent provides specialized expertise in maintaining the efficient and secure operation of both on premise server-based and cloud-based information systems and for protecting the data assets generated by such systems. This is accomplished by installing, managing, and documenting the underlying software, security hardware devices, and communication subsystems to ensure risks such as unauthorized access, data corruption, or loss of confidentiality and data availability are avoided or mitigated. Responsible for documenting and executing the Agency disaster recovery plan and incident response plan.


Experience: Two years of experience maintaining and modifying operating systems for multipurpose, multi-tasking computers.




1. Candidates may substitute thirty credit hours from an accredited college or university in Computer Information Technology, Computer Science, Management Information Systems or other information technology related field to include course work in machine or assembler computer languages, and operating system and data communication technology for multipurpose multi-tasking computers for one year of the required experience.


2. Candidates may substitute experience operating multipurpose, multi-tasking computer systems; or scheduling, controlling input and output or maintaining a tape library to process data on multipurpose, multi-tasking computer systems; or converting data from project specifications by developing program code using third generation or other generally accepted computer programming languages; or designing, developing and maintaining communications networks on a year-for-year basis for a high school education.


3. Candidates may substitute the possession of a Bachelor's degree from an accredited college or university in Computer Information Technology, Computer Science, Management Information Systems or other information technology related field to include course work in machine or assembler computer languages, and operating system and data communication technology for multipurpose, multi-tasking computers and one year of experience maintaining and modifying operating systems for multipurpose, multi-tasking computers for the required experience.


4. Candidates may substitute U.S. Armed Forces military service experience as a commissioned officer in the Computer Systems Operations classifications or Computer Systems Operations specialty codes in the Information Technology field of work on a year-for-year basis for the required experience.


Applicants must possess the following selective qualification(s) to be considered. Include clear and specific information on your application regarding all qualifications. 


One year working experience in information systems data security.  This experience must be reflected in your application.



The ideal applicant should have the following experience:

  1. Skilled in the Cybersecurity discipline; knowledgeable in topics related to Internet security, troubleshooting advanced/complex interplay of malware at both the endpoint and network exposure points, experience with incident management and related tasks involving forensic evidence preservation and interpretation. 
  2. Experience with incident response and handling, intrusion detection systems, and monitoring/ identifying/mitigating threats from the generated system log events outputted from such system.
  3.  At least one year of experience with NextGen Internet firewalls; setup & configuration, building policies and troubleshooting complex traffic issues.
  4. At least one year of experience with Security Information Event Management (SIEM) systems; dashboard configuration, event correlation analysis and ability to build incident playbooks.
  5. At least one year of experience with database activity monitoring systems; setup monitoring rules, reporting and event interpretation
  6. At least one year of experience with Data Leak Protection (DLP) systems; configuration, policy building and reporting.
  7. Familiar with information security standards and guidelines (e.g., Cybersecurity Framework (CSF), FISMA, NIST, etc.).
  8. Certifications – CEH (Certified Ethical Hacker), CompTIA Security+, GIAC certifications (GISF, GSEC, GISP, etc.)
  9. Good interpersonal and technical writing skills.


Employees in this classification may be subject to call 24 hours a day and, therefore, may be required to provide the employing agency with a telephone number where the employee can be reached or will be furnished with a pager.


Please make sure that you provide sufficient information on your application to show that you meet the minimum for this recruitment.  All information concerning your qualifications must be submitted by the closing date.  We will not consider information submitted after this date. 

Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the employment (eligible) list for at least one year.  This list will be used by the hiring agency to select employees.

For education obtained outside the U.S., a copy of the equivalent American education as determined by a foreign credential evaluation service must accompany the application.


Due to the confidential nature of the work, selected candidates must undergo and pass a background check.


The examination will consist of a rating of your education, training, and experience as presented on your application and as they relate to the requirements of the position.  You may be asked to complete a supplemental questionnaire.  The supplemental questionnaire may be used as part of the rating process.  Therefore, it is important that you provide complete and accurate information on your application.  Please report all experience and education that is related to this position.



The online application process is STRONGLY preferred.  If online access is not available, you may mail a paper application and supplemental questionnaire (if applicable) to:

DBM Recruitment & Examination Department

301 West Preston Street, Room 608

Baltimore, MD 21201

All mailed documents must include the applicant's name and the job number and must be received by the closing date.   Resumes will NOT be accepted in lieu of completing the application.

For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at or 410-767-4850, MD TTY Relay Service 1-800-735-2258.

TTY Users: call via Maryland Relay

As an equal opportunity employer, Maryland is committed to recruiting, retaining, and promoting employees who are reflective of the State’s diversity.  People with disabilities and bilingual candidates are encouraged to apply. 

We thank our Veterans for their service to our country and encourage them to apply.

Powered by JobAps