CRITICAL INFRASTRUCTURE SECURITY ENGINEER DoIT Enterprise Architect jobs in United States
cer-icon
Apply on Employer Site
company-logo

State of Maryland · 2 hours ago

CRITICAL INFRASTRUCTURE SECURITY ENGINEER DoIT Enterprise Architect

positionMaryland, United States
timeFull-time
remoteOnsite
senioritySenior Level
date5+ years exp

The State of Maryland's Department of Information Technology is seeking a Critical Infrastructure Security Engineer to enhance cybersecurity posture across critical infrastructure. The role involves leading the design and implementation of cybersecurity standards for Operational Technology and Industrial Control Systems, while collaborating with local governments and utilities to strengthen statewide cyber resilience.

Government Administration

Responsibilities

Development and Implementation of Cybersecurity Standards
Design and maintain comprehensive cybersecurity standards tailored to community water and sewerage systems, covering all OT/ICS components
Define technical requirements for secure system architecture, network segmentation, remote access, and incident response planning
Align standards with federal and industry frameworks (e.g., NIST SP 800-82, NIST CSF 2.0, IEC 62443, EPA guidance)
Establish and periodically update minimum cybersecurity standards for community water and wastewater systems, ensuring compliance with evolving threats and regulations
Collaborate with DoIT, PSC, and MDEM to align regulatory and technical expectations for critical infrastructure operators
Cybersecurity Training and Workforce Development
Develop and maintain an approved statewide list of OT/ICS cybersecurity training programs for personnel responsible for water and wastewater operations
Vet and recommend training programs that emphasize threat awareness, secure operations, and incident response capabilities
Partner with local governments and utilities to ensure consistent statewide training adoption and knowledge transfer
Support the creation of a cyber workforce pipeline for operational technology through engagement with academic and professional training institutions
Incident Preparedness, Response, and Recovery
Assist local jurisdictions and utilities in developing and maintaining cyber incident response and continuity plans
Lead or support tabletop and functional exercises simulating ransomware and OT system compromise scenarios
Establish procedures to ensure timely incident reporting to DoIT in accordance with state and federal guidance
Provide technical guidance and post-incident analysis to strengthen resilience and reduce repeat vulnerabilities
Coordinate lessons learned across jurisdictions to promote a unified statewide response capability
Technical Consultation and Vulnerability Management
Conduct or support cyber risk assessments of OT networks and control systems to identify exploitable vulnerabilities
Design and recommend secure network architectures, segmentation strategies, and monitoring solutions
Provide hands-on technical assistance to utilities and local entities for remediation planning and implementation
Support deployment of cybersecurity monitoring tools and integration with state-level situational awareness capabilities
Collaboration and Stakeholder Engagement
Collaborate closely with DoIT’s Office of Security Management, Maryland Public Service Commission, Maryland Department of Emergency Management, and other agencies to synchronize cybersecurity initiatives
Serve as a technical liaison between state and local governments, ensuring bidirectional communication and knowledge sharing
Build and maintain partnerships with utility operators, private-sector vendors, and federal agencies (e.g., EPA, DHS CISA) to align Maryland’s critical infrastructure protection strategies
Promote public-private collaboration to improve security culture, information sharing, and coordinated incident response across the critical infrastructure ecosystem
Represent DoIT at regional and national working groups, conferences, and technical forums related to OT/ICS cybersecurity
Strong communication and documentation skills to communicate with a diverse range of stakeholders and effectively report findings

Qualification

Operational Technology (OT)Industrial Control Systems (ICS)Cybersecurity Standards DevelopmentRisk AssessmentsNIST Cybersecurity FrameworkIncident Response PlanningCybersecurity TrainingCommunication SkillsCollaboration SkillsDocumentation Skills

Required

Five (5) years of experience in cybersecurity with at least two (2) years of experience in Operational Technology (OT) and Industrial Control Systems (ICS), or Supervisory Control and Data Acquisition (SCADA) technology

Preferred

Experience performing risk assessments for critical infrastructure
An ICS related certification, such as: (CAP, CCTS, GICSP, GCIP, CISSP, ISA/IEC62443, CEH)
Experience with: NIST Cybersecurity Framework (CSF), NIST SP 800-82, IEC 62443, CISA CPGs, or other relevant industry or regulatory standards
Experience with security monitoring in OT environments (SIEM, anomaly detection for ICS)
Project management experience: Leading assessments, secure design initiatives, and incident response planning

Benefits

Subsidized health benefit coverage for themselves and their dependents
Paid leave will accrue at a rate of one hour for every 30 hours worked.

Company

State of Maryland

twitter
Glassdoor3.8
company-logo
Maryland is on the path to becoming the best state in the nation.
location
Baltimore, Maryland, US
people-size5001-10000 employees
web-link
https://jobapscloud.com/MD/

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Michael Piercy
Senior Advisor for Program Innovation to the Chief Technology Officer State of Maryland, MDTHINK
linkedin
leader-logo
Michele Thomas
Chief Technology Officer, State of Maryland
linkedin
Company data provided by crunchbase