Job ID: NC-682648 (97790630)
Onsite Security/Cloud Architect with NIST, HIPAA, DevSecOps, Fortify, CheckMarx, Contrast, Imperva, Metasploit, Webinspect, AWS, GCP, AZURE, SOC2 Type 2, HITRUST and MARSE Experience
Location: Durham, NC DHHS
Duration: 12 months.
Skills :
Experience with risk management to identify gaps through risk management and assisting the development team in implementing mitigation strategies.Required3Years
Experience in NIST 800-53 and HIPAA assessment.Required3Years
Experience in implementing DevSecOps tools such as Fortify, CheckMarx, Contrast, Imperva.Required3Years
Experience in implementing the best practices for vulnerability manament using Qualys and Nessus.Required3Years
Hands-on experience conducting penetration testing on enterprise web applications using tools such as Burp Suite, Metasploit, Webinspect etc.Required3Years
Familiarity with privacy and security and best practices for deploying the the work loads on AWS, GCP and AZURE cloud platforms.Desired3Years
Familiarity with SOC2 Type 2, HITRUST and MARSEDesired3Years
Excellent written English and oral communications skillsRequired.
The NC DHHS Privacy and Security Office (PSO) requires the services of a junior level IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, North Carolina and DHHS requirements.
The NC Department of Health and Human Services seeks a junior level IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, State of NC and DHHS requirements. This resource must identify the risks and assist in the development of mitigation strategies, and to establish the privacy and security architecture using on prem and cloud infrastructures. Duties include developing familiarity with the security best practices in the cloud (AWS, Azure, GCP,Oracle etc.), reviewing the Business Continuity Plan and Disaster Recovery Testing documents, researching Best Practices for reuse,and applying Federal rules, State IT Security, DHHS Privacy and Security policies and industry standards. This role must be familiar with the tools and frame works to support the Agile development process using DevSecOps and practice good analytical and creative problem solving skills to resolve day to day privacy and security incidents.