State of Maryland logo

Critical Infrastructure Cybersecurity Engineer/Architect

State of Maryland
3 days ago
Full-time
On-site
Anne Arundel, Maryland, United States
$73.06 - $75.92 USD hourly
Cybersecurity & InfoSec

Introduction

The Department of Information Technology (DoIT) provides support to state agencies, the Executive Office of the Governor, the Governor’s coordinating offices, and a variety of independent agencies within the Executive Branch.

Striving to provide the highest level of customer service to its internal and external customers, DoIT supports Maryland’s agencies and commissions through its leadership and strategic direction for Information Technology and Telecommunications, establishing a long range, target technology architecture, encouraging cross agency collaboration and advocating best practices for operations and project management.


***This is a contractual position, with limited benefits***

GRADE

STD 0025

LOCATION OF POSITION

100 Community Place
Crownsville, Maryland  21032

POSITION DUTIES

The Critical Infrastructure Cybersecurity Engineer/Architect serves a statewide role, responsible for strengthening cybersecurity collaboration across Maryland’s critical infrastructure ecosystem. Enhancing cybersecurity posture and resilience across critical infrastructure within local units of government.

This position supports the Senior Director for State and Local Cybersecurity and works closely with the Director of Local Cybersecurity to coordinate cybersecurity initiatives that protect essential services operated by state agencies, local governments, utilities, and private sector partners.

The position focuses on building partnerships, coordinating cybersecurity preparedness efforts, and facilitating the development of guidance and resources that support critical infrastructure operators across the state. The role emphasizes program coordination, stakeholder engagement, and policy alignment rather than serving as the sole technical subject matter expert in operational technology.

Through collaboration with state agencies, local jurisdictions, utilities, and federal partners, this position helps ensure that Maryland’s critical infrastructure sectors maintain a coordinated, resilient, and risk-informed cybersecurity posture.

This position directly supports the State’s broader cybersecurity mission by promoting communication, coordination, and resource alignment among organizations responsible for delivering essential public services.


Job Duties 

Development and Implementation of Cybersecurity Standards 
  • Design and maintain comprehensive cybersecurity standards tailored to community water and sewerage systems, covering all OT/ICS components. 
  • Define technical requirements for secure system architecture, network segmentation, remote access, and incident response planning. 
  • Align standards with federal and industry frameworks (e.g., NIST SP 800-82, NIST CSF 2.0, IEC 62443, EPA guidance). 
  • Establish and periodically update minimum cybersecurity standards for community water and wastewater systems, ensuring compliance with evolving threats and regulations. 
  • Collaborate with DoIT, PSC, and MDEM to align regulatory and technical expectations for critical infrastructure operators.   
  
Cybersecurity Training and Workforce Development 
  • Develop and maintain an approved statewide list of OT/ICS cybersecurity training programs for personnel responsible for water and wastewater operations. 
  • Vet and recommend training programs that emphasize threat awareness, secure operations, and incident response capabilities. 
  • Partner with local governments and utilities to ensure consistent statewide training adoption and knowledge transfer. 
  • Support the creation of a cyber workforce pipeline for operational technology through engagement with academic and professional training institutions.     

Incident Preparedness, Response, and Recovery 
  • Assist local jurisdictions and utilities in developing and maintaining cyber incident response and continuity plans. 
  • Lead or support tabletop and functional exercises simulating ransomware and OT system compromise scenarios. 
  • Establish procedures to ensure timely incident reporting to DoIT in accordance with state and federal guidance. 
  • Provide technical guidance and post-incident analysis to strengthen resilience and reduce repeat vulnerabilities. 
  • Coordinate lessons learned across jurisdictions to promote a unified statewide response capability.  
   
Technical Consultation and Vulnerability Management 
  • Conduct or support cyber risk assessments of OT networks and control systems to identify exploitable vulnerabilities. 
  • Design and recommend secure network architectures, segmentation strategies, and monitoring solutions.
  • Provide hands-on technical assistance to utilities and local entities for remediation planning and implementation. 
  • Support deployment of cybersecurity monitoring tools and integration with state-level situational awareness capabilities.

Collaboration and Stakeholder Engagement 
  • Collaborate closely with DoIT’s Office of Security Management, Maryland Public Service Commission, Maryland Department of Emergency Management, and other agencies to synchronize cybersecurity initiatives. 
  • Serve as a technical liaison between state and local governments, ensuring bidirectional communication and knowledge sharing. 
  • Build and maintain partnerships with utility operators, private-sector vendors, and federal agencies (e.g., EPA, DHS CISA) to align Maryland’s critical infrastructure protection strategies. 
  • Promote public-private collaboration to improve security culture, information sharing, and coordinated incident response across the critical infrastructure ecosystem. 
  • Represent DoIT at regional and national working groups, conferences, and technical forums related to OT/ICS cybersecurity.

MINIMUM QUALIFICATIONS

Education: A bachelor's degree from an accredited college or university in computer science, cybersecurity, engineering, or a related field.

Experience: Five (5) years of experience in cybersecurity with at least three (3) years of this experience being in one or more of the following critical infrastructure domains: Operational Technology (OT) or  Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) technology. 

Note: Additional years of cybersecurity or critical infrastructure experience may be substituted on a year-to-year basis for the required education.  

DESIRED OR PREFERRED QUALIFICATIONS

Preference may be given to applicants who possess one or more of the following preferred qualification(s). Include clear and specific information on your application regarding your qualifications.

  • Ability to develop and maintain cybersecurity standards, policies, and incident response plans.
  • Support in the following areas: cybersecurity solutions (including network, operating system (OS) and/or application-level support for systems), environment discovery, security documentation, cyber service delivery and/or migration, standard development, policies and procedures, guidance, and advice for securing critical infrastructure.
  • Risk assessments for critical infrastructure.
  • Ability to travel on an occasional basis to jurisdictions within Maryland.
  • Working experience with: 
NIST Cybersecurity Framework (CSF)
NIST SP 800-82
IEC 62443
CISA CPGs
or other relevant industry or regulatory standards 

SELECTION PROCESS

Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the eligible (employment) list for at least one year.

EXAMINATION PROCESS

The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.

BENEFITS

Contractual employees who work 30 or more hours a week (or on average 130 hours per month) will be eligible for subsidized health benefit coverage for themselves and their dependents. View rates on the Department of Budget & Management website, State Employees, Health Benefits, Contractual/Variable rates.

Paid leave will accrue at a rate of one hour for every 30 hours worked.  

FURTHER INSTRUCTIONS

Online applications are highly recommended. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Department of Budget and Management, Recruitment and Examination Division, 301 W. Preston St., Baltimore, MD 21201.

Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.

For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at Application.Help@maryland.gov or 410-767-4850, MD TTY Relay Service 1-800-735-2258. 

We thank our Veterans for their service to our country. 

People with disabilities and bilingual candidates are encouraged to apply. As an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.