Director of Cyber Resilience

The Office of Security Management within the Department of Information Technology (DoIT) provides State agencies with a common statewide strategy for secure, effective, and technically sound use of the State's information technology resources. The Office is responsible for the establishment of Security Policies, Security Guidance, Security Awareness, and management of the Statewide Security Operations Center (SOC); providing, detection, cyber threat, and incident response capabilities; and is a source of IT security information for State agencies.​

INDV 0018

Dept. of Information Technology

The Director of Cyber Resilience will oversee the Maryland Security Operations Center (MD-SOC), Cybersecurity Incident Response Team (CSIRT), Attack Emulation Program (AEP), threat hunting program, and cyber resiliency program for the State of Maryland. This individual will establish and align the state's cyber resilience services to industry best practices and standards.

Oversight and management of Maryland’s 24/7/365 Security Operations Center team (MD-SOC), Cybersecurity Incident Response Team (CSIRT), and Maryland Information Sharing and Analysis Center (MD-ISAC).

Establish and define the services provided by the state’s incident response team.

Review incident investigation, triage, and escalation processes and tickets

Develop and maintain incident response policies, guidelines, plans, and playbooks, including communications templates and escalation workflows.

Review and integrate cyber threat information into State cybersecurity operations and the MD-SOC

Develop and oversee the implementation of cyber threat information sharing procedures.

Ensure proper staffing and training for MD-SOC, MD-ISAC, AEP, and Threat Hunting teams.

Develop key performance indicators to measure MD-SOC, MD-ISAC, and incident response performance efficacy. 

 

Develop and execute an attack emulation program that integrates purple teaming tools and techniques.

Develop and execute a threat hunting program to execute periodic and continuous threat hunts. 

Develop a centralization strategy for adversary emulation.

Support a cyber resiliency center of excellence that provides Incident response, disaster recovery, and business continuity planning tools, resources, templates, and exercises to state units of government.

 

Lead Cyber Resilience Services for the State.

Direct the execution of tabletop exercises and establish communication lines between internal and external groups.

Serve as the CSIRT Incident Commander during cybersecurity incident response. 

Oversee the cyber continuity manager role and mass communications service.

Lead the technical conversations regarding cyber insurance and state-wide DFIR.

 

Modernize the State Cyber Resilience Program.

Evaluate and implement cyber resilience service capabilities such as a Security Information and Event Management (SIEM) service.

Propose alignment of Maryland, DoIT, and OSM functions and services to achieve a fusion center capability.

Coordinate staffing relationships between MDEM, MSP, National Guard, Maryland Universities, and the MD-SOC.

 

Lead Resilience Liaison Functions.

Provide reporting and investigation on complex incidents and issues to the State CISO and Secretary of DoIT.

Represent the State of Maryland and DoIT in events and conferences relating to cyber resilience.

Seek out and promote training and development opportunities in the areas of cyber resilience.

Education: A bachelor's degree in cybersecurity, information technology, business administration, or a related discipline is required for this position.

Experience: Five (5) years’ experience managing highly technical security, information technology, or incident response teams in a complex hybrid cloud environment supporting multiple sites. Three of the five years’ experience must be in leading and managing threat responses and continuity programs.

Preference will be given to candidates who have one or more of the following:

A high-level cybersecurity certification, such as a CISSP, CISM, CCISO or OSCP.

A privacy-related certification, such as a CIPP/US or CDPSE

A project management certification, such as a Project+, PMP, or CSM.

Experience managing security operation centers and multiple security teams.

Experience with cybersecurity policy, legislation, and regulatory practices.

Experience using one or more of the following platforms or tools ServiceNow, Everbridge, Archer, Fusion, Onspring, Splunk Anomali, Palo Alto, CrowdStrike, Tenable/Nessus.

Please make sure that you provide sufficient information on your application/resume to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be placed on the eligible (employment) list for at least one year.

The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.

STATE OF MARYLAND BENEFITS

Online applications are highly recommended. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Department of Budget and Management, Recruitment and Examination Division, 301 W. Preston St., Baltimore, MD 21201. Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.

For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at Application.Help@maryland.gov or 410-767-4850, MD TTY Relay Service 1-800-735-2258.

We thank our Veterans for their service to our country.

People with disabilities and bilingual candidates are encouraged to apply.

As an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.

For education obtained outside the U.S., a copy of the equivalent American education as determined by a foreign credential evaluation service must be provided prior to hire.