Managed Security Provider Services

The Maryland-based government authority in Annapolis is seeking a managed security service provider to strengthen its cybersecurity operations, engineering capabilities, and enterprise risk management. The agency aims to establish a centralized security department that eliminates security gaps, improves cyber hygiene, and defines clear roles and responsibilities. By enforcing proper separations of duties, the agency intends to strengthen its overall governance and protect its critical systems and data. The scope of work requires the provider to deliver application security services, including vulnerability assessments, secure code reviews, and architecture analysis. The selected provider must integrate security practices into the software development life cycle and offer remediation guidance and training to development teams. Additionally, the project covers technology risk management through system, network, and application risk assessments, control evaluations, and the delivery of risk registers mapped to enterprise risk tolerance. Eligible bidders must be onshore organizations based entirely in the United States. The agency requires all project work to be performed offsite, and bidders must submit their proposals digitally via email or an online portal. While the agency is looking for competitive budget proposals, it has established a contract period of two years for these services. The agency will host a pre-bid meeting on May 14, 2026, to discuss the opportunity. Bidders must submit any questions regarding the procurement no later than June 26, 2026.