Critical Infrastructure Security Engineer

The Department of Information Technology (DoIT) provides support to state agencies, the Executive Office of the Governor, the Governor’s coordinating offices, and a variety of independent agencies within the Executive Branch. Striving to provide the highest level of customer service to its internal and external customers, DoIT supports Maryland’s agencies and commissions through its leadership and strategic direction for Information Technology and Telecommunications, establishing a long range, target technology architecture, encouraging cross agency collaboration and advocating best practices for operations and project management. The Department of Information Technology is seeking a Critical Infrastructure Security Engineer. This is a contractual position, with limited benefits The Critical Infrastructure Security Engineer serves as a technical authority and advisor within the Maryland Department of Information Technology, supporting the Director of Local Cybersecurity and advancing the State’s mission to protect and secure critical infrastructure. The Engineer supports the Local Cybersecurity Program by leading the design, development, and implementation of Operational Technology and Industrial Control System cybersecurity standards, controls, and monitoring strategies for high-value, mission-critical sectors, with an initial focus on water and wastewater utilities. The Engineer works directly with local government leaders, public utilities, engineers, and IT and OT professionals to identify vulnerabilities, assess cyber risk, and drive risk-reduction measures aligned with NIST, EPA, CISA, and related federal guidance. The Engineer strengthens statewide cyber resilience by helping jurisdictions design secure network architectures, build incident response and continuity-of-operations plans, and deploy real-time monitoring tools, while shaping state policy and guidance for critical infrastructure protection. The Engineer supports statewide minimum OT cybersecurity standards aligned with NIST SP 800-82, NIST CSF 2.0, and IEC 62443, and ties this work into broader risk management and compliance efforts. In partnership with the Maryland Department of Emergency Management, the Public Service Commission, and federal partners such as CISA and the EPA, the Engineer coordinates interagency efforts to prevent, detect, and respond to incidents that threaten essential services, including incident reporting protocols, technical workshops, and tabletop exercises. The Engineer bridges engineering, policy, and operations by translating complex cybersecurity principles into practical actions for operators of all sizes, supporting service continuity, public safety, and statewide resilience against evolving threats. This is a contractual position, with limited benefits