Job ID: NC-677290 (913090506)
Cloud Security Analyst/Director (CCSP/CISA/CISSP) with AWS/Azure/GCP, NIST, HIPAA, SOC 2 Type 2, FedRAMP, HITRUST, OWASP Top 10, and testing experience
Location: Raleigh NC (DHHS)
Duration: 12 months
Positions: 1 (1/2)
Skill Required / Desired Amount of Experience
CISSP / CISA / CCSP / Any security specialty certification on one of the leading cloud platforms (AWS/Azure/GCP) Required
Performing the security assessments using NIST 800-53 r4 security controls Required 5 Years
HIPAA Privacy & Security compliance Required 3 Years
Experience reviewing SOC 2 Type 2, FedRAMP, HITRUST compliance reports Required 3 Years
Knowledge of cloud native security services provided by the AWS/Azure/GCP cloud platforms Required
Experience in performing the network, web and database security assessments. Required
Familiar with the tools and techniques to find and remediate OWASP TOP 10 vulnerabilities of web applications Required
Experience in performing penetration testing on the web applications deployed on the cloud platform Required
Must be able to demonstrate excellent program management, negotiation, communication and problem-solving skills. Responsible for working with both senior-level business executives and IT personnel to define and execute program requirements and manage stakeholder expectations. Strategically plan and manage initiatives consisting of program components that meet Departmental, State and other stakeholder expectations. Responsible for the leadership, direction and oversight of the project team(s) and of all vendor related activities tied to the program. Report to Sr. Executive Management. Authorize and manage internal and external relationships (agency, Federal, vendor, and other State agencies) and dependencies across initiative components to ensure successful delivery of the program. Responsible for establishing and executing adequate project management controls based on industry accepted methodologies and standards. These controls include the responsibility to monitor and control cost, schedule, performance and risk; to ensure quality and security; overall integration and issues resolution and to perform administrative functions.
• Experience in performing the security assessments using NIST 800-53 r4 security controls.
• Experience in implementing the controls for HIPAA Privacy & Security compliance.
• Experience in reviewing the SOC 2 Type 2, FedRAMP, HITRUST compliance reports.
• Proficient in using the vulnerability management tools and remediating those identified vulnerabilities.
• Experience in performing the network, web and database security assessments.
• Familiar with the tools and techniques to find and remediate OWASP TOP 10 vulnerabilities of the web applications.
• Experience in performing penetration testing on the web applications deployed on the cloud platform.
• Knowledge of cloud native security services provided by the AWS/Azure/GCP cloud platforms.
CISSP / CISA / CCSP / Any security specialty certification on one of the leading cloud platforms (AWS/Azure/GCP)