​This is a full-time, Hybrid position at Foxhole Technology, supporting a State-level cybersecurity program in Maryland. The role is primarily focused on governance, risk, and compliance (GRC), specifically conducting maturity assessments and defining security requirements using the newly updated NIST CSF 2.0 framework.

• ​Location: Hybrid – Requires travel within the state of Maryland.
• ​Clearance: None required; must pass a Criminal Background Check.
• ​Experience Required: Minimum five (5) years defining security programs or processes.
• ​Education: BS Degree in a technical field.
• ​Primary Framework: NIST Cybersecurity Framework (CSF) 2.0.

​Key Responsibilities: Maturity and Compliance

​The Engineer will serve as a lead assessor, evaluating how various state organizations protect sensitive information and identifying gaps in their security posture.

• ​Cybersecurity Assessments: Conduct formal assessments to determine an organization’s cybersecurity maturity level.
• ​Policy Development: Define and develop security policies in accordance with NIST guidelines and industry best practices.
• ​Risk & Vulnerability Analysis: Perform risk assessments based on information flow and the sensitivity of data within the organization.
• ​Requirements Definition: Analyze and define technical security requirements for comprehensive information protection.
• ​Stakeholder Presentation: Present formal findings and actionable recommendations to leadership to improve the overall security posture.

​Minimum Requirements and Technical Proficiency

​Foxhole Technology is looking for an experienced practitioner who is deeply familiar with standardized IT security controls and state/federal reporting requirements.

• ​Experience: 5+ years protecting sensitive or classified information at a programmatic level.
• ​Technical Standards: Proficient in generally accepted IT security and control practices (e.g., ISO, COBIT, or similar NIST standards).
• ​NIST Expertise: Specialized knowledge in NIST CSF 2.0 documentation and the practical application of its subcategories and tiers.
• ​Mobility: Must be able to travel to various locations within Maryland as part of the assessment process.

​Why This Role is Unique

​This position is a direct bridge between technical auditing and high-level security strategy. Because it focuses on NIST CSF 2.0—which introduced the “Govern” function—you will be at the forefront of implementing the latest federal standards at a state level. It is an ideal role for an analyst transitioning into a more senior engineering or advisory capacity.