Hourly
Information Technology
Contract
3-5 Years
BA/BS/Undergraduate
Job Description
Short Description:
The NC DHHS Privacy and Security Office (PSO) requires the services of a junior level IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, North Carolina and DHHS requirements.
Complete Description:
The NC Department of Health and Human Services seeks a junior level IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, State of NC and DHHS requirements. This resource must identify the risks and assist in the development of mitigation strategies, and to establish the privacy and security architecture using on prem and cloud infrastructures. Duties include developing familiarity with the security best practices in the cloud (AWS, Azure, GCP,Oracle etc.), reviewing the Business Continuity Plan and Disaster Recovery Testing documents, researching Best Practices for reuse,and applying Federal rules, State IT Security, DHHS Privacy and Security policies and industry standards. This role must be familiar with the tools and frame works to support the Agile development process using DevSecOps and practice good analytical and creative problem solving skills to resolve day to day privacy and security incidents.
Job Requirements
Required / Desired Skills
Skill Required / Desired
Amount of Experience
Experience with risk management to identify gaps through risk management and assisting the development team in implementing mitigation strategies. Required 3 Years
Experience in NIST 800-53 and HIPAA assessment. Required 3 Years
Experience in implementing DevSecOps tools such as Fortify, CheckMarx, Contrast, Imperva. Required 3 Years
Experience in implementing the best practices for vulnerability manament using Qualys and Nessus. Required 3 Years
Hands-on experience conducting penetration testing on enterprise web applications using tools such as Burp Suite, Metasploit, Webinspect etc. Required 3 Years
Familiarity with privacy and security and best practices for deploying the the work loads on AWS, GCP and AZURE cloud platforms. Desired 3 Years
Familiarity with SOC2 Type 2, HITRUST and MARSE Desired 3 Years
Excellent written English and oral communications skills Required