Title: Cybersecurity Expert (20 hours/wk)

Client: Department of Public Safety and Correctional Services (DPSCS)

DK Consulting Overview: Founded in May 2003, DK Consulting, LLC, a woman-owned small business, was formed to provide management and technology solutions based on industry best practices. DK Consulting, LLC works with multiple State, Federal, and Commercial customers, and our services range from providing customers with that one ‘critical resource’ to assuming responsibility for an entire IT project. We offer excellent benefits and provide exceptional employee management.

The client is seeking a highly experienced and motivated Senior Application Developer – Advanced Technology with deep expertise in cybersecurity architecture, application security, and security operations. This individual will play a key role in protecting critical infrastructure, ensuring compliance with security standards, and leading cybersecurity initiatives across DPSCS systems and platforms.

This position is ideal for a cybersecurity expert who has hands-on experience with modern security technologies, frameworks, and tools—including Splunk, cloud security (AWS, Azure, GCP), and DevSecOps practices—and is eager to architect and implement scalable security solutions in a highly regulated environment.

Interview mode: In-person

Location: 6776 Reisterstown Rd #309. Baltimore, Maryland 21215

Key Responsibilities:

Cybersecurity Architecture & Strategy

• Design, implement, and maintain security architecture for DPSCS applications, systems, and networks.
• Evaluate and recommend security controls aligned with NIST 800-53, CSF 2.0, MITRE ATT&CK, and CIS controls.
• Develop, document, and enforce best practices for security in cloud, on-premises, and hybrid environments.

Security Engineering & Monitoring

• Lead the integration of Splunk with various platforms (e.g., firewalls, EDR, vulnerability scanners) for enterprise-wide security monitoring and analytics.
• Plan, maintain, and optimize large-scale Splunk deployments to support SOC and threat detection efforts.
• Conduct penetration tests, vulnerability assessments, and root cause analyses using automated and manual methods.

Application Security & DevSecOps

• Integrate security practices into the software development lifecycle (SDLC) and CI/CD pipelines.
• Implement security testing tools and processes to secure internally developed and third-party applications.
• Collaborate with developers to remediate vulnerabilities and improve application security posture.

Incident Response & Threat Intelligence

• Support incident response (IR) activities and post-incident reviews using insights from Splunk and other platforms.
• Reconstruct timelines and conduct forensic analysis of complex security events.
• Act as a primary escalation point for cybersecurity incidents and mentor junior analysts in response protocols.

Governance, Risk, and Compliance

• Ensure systems and processes meet PCI-DSS, HIPAA, FISMA, or other applicable regulatory and compliance standards.
• Support audits and security assessments across various business units.
• Create reports, dashboards, and documentation for internal and external stakeholders.

Required Qualifications:

• Education: Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or a related field.
• Certifications
  • CISSP (Certified Information Systems Security Professional) – Required
  • CISM, CSSLP, Security+, or TOGAF – Strongly Preferred
  • Cloud and scripting certifications a plus (e.g., AWS Security, Azure Security Engineer)
• Experience:
  • 7 - 10 years of IT and cybersecurity experience, with 3–5 years in a cybersecurity architect or senior engineering role.
  • Prior government or public sector experience.
• Deep understanding of network, endpoint, application, and cloud security.
• Experience with security frameworks like NIST, MITRE ATT&CK, ISO 27001, and CIS.
• Hands-on experience with Splunk, SIEM integration, API development, and custom security tooling.
• Proficiency in Python, PowerShell, or similar scripting languages for security automation.
• Familiarity with DevSecOps tools, methodologies, and secure SDLC principles.
• Knowledge of security protocols and technologies including IPSec, SSL, VPN, GRE over IPsec, etc.

*No Visa restrictions*