Critical Infrastructure Cybersecurity Engineer/ Architect (DoIT Enterprise Architect)

## **Introduction**

The Department of Information Technology (DoIT) provides support to state agencies, the Executive Office of the Governor, the Governor’s coordinating offices, and a variety of independent agencies within the Executive Branch.

Striving to provide the highest level of customer service to its internal and external customers, DoIT supports Maryland’s agencies and commissions through its leadership and strategic direction for Information Technology and Telecommunications, establishing a long range, target technology architecture, encouraging cross agency collaboration and advocating best practices for operations and project management.

• *\*\*\*This is a contractual position, with limited benefits\*\*\***

## **GRADE**

STD 0025

## **LOCATION OF POSITION**

100 Community Place

Crownsville, Maryland 21032

## **POSITION DUTIES**

The Critical Infrastructure Cybersecurity Engineer/Architect serves a statewide role, responsible for strengthening cybersecurity collaboration across Maryland’s critical infrastructure ecosystem. Enhancing cybersecurity posture and resilience across critical infrastructure within local units of government.

This position supports the Senior Director for State and Local Cybersecurity and works closely with the Director of Local Cybersecurity to coordinate cybersecurity initiatives that protect essential services operated by state agencies, local governments, utilities, and private sector partners.

The position focuses on building partnerships, coordinating cybersecurity preparedness efforts, and facilitating the development of guidance and resources that support critical infrastructure operators across the state. The role emphasizes program coordination, stakeholder engagement, and policy alignment rather than serving as the sole technical subject matter expert in operational technology.

Through collaboration with state agencies, local jurisdictions, utilities, and federal partners, this position helps ensure that Maryland’s critical infrastructure sectors maintain a coordinated, resilient, and risk-informed cybersecurity posture.

This position directly supports the State’s broader cybersecurity mission by promoting communication, coordination, and resource alignment among organizations responsible for delivering essential public services.

• *Job Duties**
• *Development and Implementation of Cybersecurity Standards**
• Design and maintain comprehensive cybersecurity standards tailored to community water and sewerage systems, covering all OT/ICS components.
• Define technical requirements for secure system architecture, network segmentation, remote access, and incident response planning.
• Align standards with federal and industry frameworks (e.g., NIST SP 800-82, NIST CSF 2.0, IEC 62443, EPA guidance).
• Establish and periodically update minimum cybersecurity standards for community water and wastewater systems, ensuring compliance with evolving threats and regulations.
• Collaborate with DoIT, PSC, and MDEM to align regulatory and technical expectations for critical infrastructure operators.
• *Cybersecurity Training and Workforce Development**
• Develop and maintain an approved statewide list of OT/ICS cybersecurity training programs for personnel responsible for water and wastewater operations.
• Vet and recommend training programs that emphasize threat awareness, secure operations, and incident response capabilities.
• Partner with local governments and utilities to ensure consistent statewide training adoption and knowledge transfer.
• Support the creation of a cyber workforce pipeline for operational technology through engagement with academic and professional training institutions.
• *Incident Preparedness, Response, and Recovery**
• Assist local jurisdictions and utilities in developing and maintaining cyber incident response and continuity plans.
• Lead or support tabletop and functional exercises simulating ransomware and OT system compromise scenarios.
• Establish procedures to ensure timely incident reporting to DoIT in accordance with state and federal guidance.
• Provide technical guidance and post-incident analysis to strengthen resilience and reduce repeat vulnerabilities.
• Coordinate lessons learned across jurisdictions to promote a unified statewide response capability.
• *Technical Consultation and Vulnerability Management**
• Conduct or support cyber risk assessments of OT networks and control systems to identify exploitable vulnerabilities.
• Design and recommend secure network architectures, segmentation strategies, and monitoring solutions.
• Provide hands-on technical assistance to utilities and local entities for remediation planning and implementation.
• Support deployment of cybersecurity monitoring tools and i