Job ID: NC-682648 (97790120)
Hybrid Security Analyst with NIST, HIPAA, DevSecOps, Fortify, CheckMarx, Contrast, Imperva, Qualys, Nessus, penetration testing, Burp, Metasploit, Webinspect, AWS/GCP/AZURE, SOC2, HITRUST, MARSE, DR, Business Continuity Plan, Agile experience
Location: Raleigh NC (DHHS)
Duration: 12 months
Positions: 1 (3)
This position may be required to work Weekend and nights if needed
SkillRequired / DesiredAmountof Experience
Experience with risk management to identify gaps through risk management and assisting the development team in implementing mitigation strategies.Required3Years
Experience in NIST 800-53 and HIPAA assessment.Required3Years
Experience in implementing DevSecOps tools such as Fortify, CheckMarx, Contrast, Imperva.Required3Years
Experience in implementing the best practices for vulnerability manament using Qualys and Nessus.Required3Years
Hands-on experience conducting penetration testing on enterprise web applications using tools such as Burp Suite, Metasploit, Webinspect etc.Required3Years
Familiarity with privacy and security and best practices for deploying the the work loads on AWS, GCP and AZURE cloud platforms.Desired3Years
Familiarity with SOC2 Type 2, HITRUST and MARSEDesired3Years
Excellent written English and oral communications skillsRequired
The NC Department of Health and Human Services seeks a junior level IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, State of NC and DHHS requirements. This resource must identify the risks and assist in the development of mitigation strategies, and to establish the privacy and security architecture using on prem and cloud infrastructures. Duties include developing familiarity with the security best practices in the cloud (AWS, Azure, GCP,Oracle etc.), reviewing the Business Continuity Plan and Disaster Recovery Testing documents, researching Best Practices for reuse,and applying Federal rules, State IT Security, DHHS Privacy and Security policies and industry standards. This role must be familiar with the tools and frame works to support the Agile development process using DevSecOps and practice good analytical and creative problem solving skills to resolve day to day privacy and security incidents.