Critical Infrastructure Security Engineer
State of Maryland
Full-time
On-site
Anne Arundel, Maryland, United States
$73.06 - $75.92 USD hourly
Cybersecurity
Introduction
The Department of Information Technology (DoIT) provides support to state agencies, the Executive Office of the Governor, the Governor’s coordinating offices, and a variety of independent agencies within the Executive Branch.
Striving to provide the highest level of customer service to its internal and external customers, DoIT supports Maryland’s agencies and commissions through its leadership and strategic direction for Information Technology and Telecommunications, establishing a long range, target technology architecture, encouraging cross agency collaboration and advocating best practices for operations and project management.
The Department of Information Technology is seeking a Critical Infrastructure Security Engineer.
***This is a contractual position, with limited benefits***
GRADE
STD 0025
LOCATION OF POSITION
100 Community Place
Crownsville, Maryland 21032
POSITION DUTIES
The Critical Infrastructure Security Engineer serves as a technical authority and advisor within the Maryland Department of Information Technology, supporting the Director of Local Cybersecurity and advancing the State’s mission to protect and secure critical infrastructure. The Engineer supports the Local Cybersecurity Program by leading the design, development, and implementation of Operational Technology and Industrial Control System cybersecurity standards, controls, and monitoring strategies for high-value, mission-critical sectors, with an initial focus on water and wastewater utilities. The Engineer works directly with local government leaders, public utilities, engineers, and IT and OT professionals to identify vulnerabilities, assess cyber risk, and drive risk-reduction measures aligned with NIST, EPA, CISA, and related federal guidance.
The Engineer strengthens statewide cyber resilience by helping jurisdictions design secure network architectures, build incident response and continuity-of-operations plans, and deploy real-time monitoring tools, while shaping state policy and guidance for critical infrastructure protection. The Engineer supports statewide minimum OT cybersecurity standards aligned with NIST SP 800-82, NIST CSF 2.0, and IEC 62443, and ties this work into broader risk management and compliance efforts. In partnership with the Maryland Department of Emergency Management, the Public Service Commission, and federal partners such as CISA and the EPA, the Engineer coordinates interagency efforts to prevent, detect, and respond to incidents that threaten essential services, including incident reporting protocols, technical workshops, and tabletop exercises. The Engineer bridges engineering, policy, and operations by translating complex cybersecurity principles into practical actions for operators of all sizes, supporting service continuity, public safety, and statewide resilience against evolving threats.
***This is a contractual position, with limited benefits***
Roles and Responsibilities:
As a Critical Infrastructure Security Engineer, your mission is to enhance cybersecurity posture and resilience across critical infrastructure within local units of government.
Core responsibilities include:
1. Development and Implementation of Cybersecurity Standards
● Design and maintain comprehensive cybersecurity standards tailored to community water and sewerage systems, covering all OT/ICS components.
● Define technical requirements for secure system architecture, network segmentation, remote access, and incident response planning.
● Align standards with federal and industry frameworks (e.g., NIST SP 800-82, NIST CSF 2.0, IEC 62443, EPA guidance).
● Establish and periodically update minimum cybersecurity standards for community water and wastewater systems, ensuring compliance with evolving threats and regulations.
● Collaborate with DoIT, PSC, and MDEM to align regulatory and technical expectations for critical infrastructure operators.
2. Cybersecurity Training and Workforce Development
● Develop and maintain an approved statewide list of OT/ICS cybersecurity training programs for personnel responsible for water and wastewater operations.
● Vet and recommend training programs that emphasize threat awareness, secure operations, and incident response capabilities.
● Partner with local governments and utilities to ensure consistent statewide training adoption and knowledge transfer.
● Support the creation of a cyber workforce pipeline for operational technology through engagement with academic and professional training institutions.
3. Incident Preparedness, Response, and Recovery
● Assist local jurisdictions and utilities in developing and maintaining cyber incident response and continuity plans.
● Lead or support tabletop and functional exercises simulating ransomware and OT system compromise scenarios.
● Establish procedures to ensure timely incident reporting to DoIT in accordance with state and federal guidance.
● Provide technical guidance and post-incident analysis to strengthen resilience and reduce repeat vulnerabilities.
● Coordinate lessons learned across jurisdictions to promote a unified statewide response capability.
4. Technical Consultation and Vulnerability Management
● Conduct or support cyber risk assessments of OT networks and control systems to identify exploitable vulnerabilities.
● Design and recommend secure network architectures, segmentation strategies, and monitoring solutions.
● Provide hands-on technical assistance to utilities and local entities for remediation planning and implementation.
● Support deployment of cybersecurity monitoring tools and integration with state-level situational awareness capabilities.
5. Collaboration and Stakeholder Engagement
● Collaborate closely with DoIT’s Office of Security Management, Maryland Public Service Commission, Maryland Department of Emergency Management, and other agencies to synchronize cybersecurity initiatives.
● Serve as a technical liaison between state and local governments, ensuring bidirectional communication and knowledge sharing.
● Build and maintain partnerships with utility operators, private-sector vendors, and federal agencies (e.g., EPA, DHS CISA) to align Maryland’s critical infrastructure protection strategies.
● Promote public-private collaboration to improve security culture, information sharing, and coordinated incident response across the critical infrastructure ecosystem.
● Represent DoIT at regional and national working groups, conferences, and technical forums related to OT/ICS cybersecurity.
● Strong communication and documentation skills to communicate with a diverse range of stakeholders and effectively report findings.
MINIMUM QUALIFICATIONS
Five (5) years of experience in cybersecurity with at least two (2) years of experience in Operational Technology (OT) and Industrial Control Systems (ICS), or Supervisory Control and Data Acquisition (SCADA) technology.
DESIRED OR PREFERRED QUALIFICATIONS
Preference will be given to candidates who also have one or more of the following:
● Experience performing risk assessments for critical infrastructure.
● An ICS related certification, such as: (CAP, CCTS, GICSP, GCIP, CISSP, ISA/IEC62443, CEH)
● Experience with: NIST Cybersecurity Framework (CSF), NIST SP 800-82, IEC 62443, CISA CPGs, or other relevant industry or regulatory standards
● Experience with security monitoring in OT environments (SIEM, anomaly detection for ICS).
● Project management experience: Leading assessments, secure design initiatives, and incident response planning.
SELECTION PROCESS
Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment.
All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date.
Successful candidates will be placed on the eligible (employment) list for at least one year.
EXAMINATION PROCESS
The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.
BENEFITS
Benefits
Contractual employees who work 30 or more hours a week (or on average 130 hours per month) will be eligible for subsidized health benefit coverage for themselves and their dependents. View rates on the Department of Budget & Management website, State Employees, Health Benefits, Contractual/Variable rates.
Leave
Paid leave will accrue at a rate of one hour for every 30 hours worked.
FURTHER INSTRUCTIONS
Online applications are highly recommended. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Department of Budget and Management, Recruitment and Examination Division, 301 W. Preston St., Baltimore, MD 21201.
Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.
For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at Application.Help@maryland.gov or 410-767-4850, MD TTY Relay Service 1-800-735-2258.
We thank our Veterans for their service to our country.
People with disabilities and bilingual candidates are encouraged to apply. As an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.