Senior OT - IT Cyber Security Engineer

Position is available to work in a hybrid work from home capacity. The manager will discuss this in more detail at time of interview. Candidates will need to be local to the Hampton area. If not, they will need to relocate to the area to be considered for this role.

Our Company

More than a utility company, Unitil provides energy for life.

Our work helps keep homes comfortable, businesses thriving and communities connected. Unitil is an investor-owned public utility proudly serving Maine, Massachusetts and New Hampshire. We are dedicated to delivering energy to our customers safely and reliably.

Unitil is committed to creating an inclusive environment that welcomes and values the differences among all of our employees, customers, suppliers and the communities in which we live and conduct business. The continued success of Unitil is enhanced through initiatives that promote diversity and value our employees.

Take advantage of a comprehensive benefits package.

Unitil offers competitive salaries, a consumer-driven health plan, dental and vision coverage, flexible work, company-paid holidays, a, robust, highly competitive retirement plan and educational assistance.

- Note: Benefit offerings may differ between union and non-union employee groups

Position Purpose

Responsible for ensuring the security and integrity of our organization's operational technology infrastructure, including industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. This position will play a critical role in safeguarding our OT/IT environment from cyber threats and ensuring the continuous and safe operation of essential industrial processes. Additionally, this position will be responsible for OT asset inventory and vulnerability management for the company’s network assets including firewalls, switches, IoT devices which includes physical security systems, cameras, UPS devices, HVAC and lighting controls.

Key Responsibilities:

- Cybersecurity Assessment: Conduct security assessments and vulnerability assessments on IT/OT systems to identify potential weaknesses and threats.

- Incident Response: Develop and implement incident response plans specific to OT environments to detect and mitigate cyber incidents.

- Network Security: Design, implement, and maintain security measures for OT networks, including firewalls, intrusion detection systems, and access controls.

- Patch Management: Oversee patch management processes for OT systems, ensuring timely updates and minimal disruption to critical operations.

- Security Policies: Develop and enforce security policies and procedures for the OT environment, aligned with industry standards and regulatory requirements.

- Security Monitoring: Implement real-time monitoring solutions to detect anomalies and unauthorized access in OT networks and systems.

- Risk Assessment: Perform risk assessments and develop risk mitigation strategies for OT assets and processes.

- Compliance: Ensure compliance with relevant industry standards and regulations, such as NERC-CIP and CIS.

- Collaboration: Collaborate with cross-functional teams, including IT security, engineering, and operations, to align cybersecurity efforts with overall business objectives.

- Training and Awareness: Provide training and awareness programs for OT/IT staff to promote cybersecurity best practices.

- Vendor Management: Review/Monitor/Audit Vendors to confirm they follow Unitil standards which includes: Risk Assessment and Compliance. Periodically evaluate vendor for renew or offboarding.

- Asset Management: Develop and maintain a comprehensive asset inventory for network and IoT devices.

- Firmware and Lifecycle Management: Ensure that network and IoT devices are at current firmware and patch versions and work with IT Infrastructure to schedule replacement of end of life devices.

Principal Accountabilities

% of time

End Results

60%

Data Security

- Perform activities that ensure the security of IT and OT data, privacy, and record confidentiality.

- Participate in periodic risk assessments, and diagnose internal/external security, intrusion attempts, and cyber-crime response to ensure compliance with security standards

- Manage software to assess cyber risk, and facilitate the application of fixes, patches and updates. Coordinate with OT stakeholders the installation of manual patching of OT devices and servers.

- Manage OT malware and virus protection systems to ensure adequate endpoint security at all times.

- Coordinate and participate in efforts to ensure proper configuration of perimeter defense and incident response.

- Implement compliance activities with IT Policies, procedures and tests including the Written Information Security Program, Asset Management, Disaster Recovery, Change Management, Problem Management, and Security Plans.

- Participate in Unitil’s Cyber Incident Response activities and is a member of the CIRT team.

- Serve as project manager/lead within OT security projects.

- Development and maintenance of OT Vulnerability (Patching) Metrics.

- Recommendation of standards and procedures for hardening of OT devices and environments.

- Develop and administer focused security training to OT Staff.

20%

Compliance

- Assist in coordination of cyber drills, exercises and assessments with internal and external stakeholders.

- Identify security risks and exposures, and participate in response activities.

- Provide reporting needed for IT Control monitoring and responses to external audits, external penetration tests and vulnerability assessments. Fulfill audit requests by providing supporting evidence.

- Report on compliance activities related to IT NERC-CIP, CIS and other IT compliancy programs for the company.

- Follow IT policies and procedures to ensure the security of information assets against unauthorized or accidental modification, destruction, or disclosure. Work with Application/Asset Owners to obtain proper documentation for system/application changes.

- Promote awareness of applicable regulatory standards, upstream risks and industry best practices.

15%

Identity, Credential & Access Management

- Work with Application/Asset Owners to define critical security groups and process for maintaining ‘least privileged’ access to systems

5%

Assist the Cyber Security Operations Manager, and other Subject Matter Experts in the evaluation and implementation of tools, policies and configurations to improve data security and business controls specific to the OT environment. Research new technologies that will assist in attaining these goals.

Qualifications

- Bachelor's degree in Cybersecurity, Information Technology, or a related field (Master's degree preferred).

- CISSP or Equivalent Certification is preferred.

- 7-10 years IT security or information security experience.

- Proven ability to engage with Senior Management and regulators.

- Proven experience in OT cybersecurity, with a strong understanding of industrial control systems and SCADA systems.

- Proficiency in OT protocols and technologies, including Modbus, DNP3, OPC, etc.

- Knowledge of relevant cybersecurity standards and regulations, such as NIST Cybersecurity Framework, CIS and NERC-CIP

- Experience with IPS/IDS, network monitoring and SIEM/SOAR technologies.

- Knowledge and related experience in OT security issues and techniques.

- Effective communication skills, focusing on presentation of technical information.

- Strong analytical skills and attention to detail.

- Advanced technical degree and/or Security Certifications preferred.

Unitil is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.

Last updated: 09/10/2025