Job ID: NC-683355 (910690519)
Security Analyst (CEH/CISSP/GSEC/Security+) with IDS/IPS, SIEM, Antivirus, Network Traffic Analyzers, PCI-DSS, ISO, NIST, SABSA, TOGAF, OWASP, FISMA, HIPAA, IRS-1075, Tenable Nessus, IBM Qradar experience
Location: Raleigh, NC (NCDOT)
Duration: 12 months
***The candidate will be allowed to work remotely until all staff return to site. At that point the candidate will be required to come onsite.
***The candidate will need to use his or her own computer until he or she starts working onsite. When the candidate is working full time on site he or she will be given NCDOT equipment.
Progressive advanced experience as an IT information security professional working within an enterprise environment Required 5 Years
Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, Antivirus, Network Traffic Analyzers Required 5 Years
Experience leading PCI-DSS annual assessment and evidence gathering, familiarity with PCI-DSS 3.2 or higher Required 2 Years
Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies Required 2 Years
Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies Highly desired
Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIPAA and IRS-1075 Required 2 Years
CISSP, GSEC, CEH, Security+ or similar information security certification Required
SABSA or TOGAF certification Highly desired
Specific experience implementing, administrating or operating Tenable Nessus Highly desired
Specific experience implementing, administrating or operating IBM Qradar SIEM Highly desired
Experience consulting on information security and IT solutions for a state or federal agency. Required 2 Years
Experience developing, leading and executing information security incident response plans Required 2 Years
Experience developing and implementing information security policy, standards and procedures. Required 2 Years
Experience implementing and operating enterprise class data networking solutions Highly desired 2 Years
Experience implementing and operating enterprise class server and storage systems Highly desired 2 Years
Experience implementing and supporting systems within enterprise class data center environments Highly desired 2 Years
Advanced experience performing risk assessments against NIST 800-53 Required 2 Years
Experience consulting on information security and IT solutions for a state motor vehicles agency. Highly desired.
The NCDIT-Transportation Information Security Office requires a senior information security architect specializing in risk assessment and technical consultation, focusing on industry standard security, risk, and compliance, especially PCI-DSS and NIST.
***The candidate will be allowed to work remotely until all staff return to site. At that point the candidate will be required to come onsite.
***The candidate will need to use his or her own computer until he or she starts working onsite. When the candidate is working full time on site he or she will be given NCDOT equipment.
The NCDIT-Transportation Information Security Office (ISO) requires a senior information security architect analyst specializing in risk assessment and business technical consultation. This architect resource will consult on multiple projects to recommend security best practices, develop architectures and hardening guides, and review and evaluate solutions against relevant risk frameworks and regulations. This resource will provide information security policy, process, procedure and application consulting to the NCDIT-Transportation Information Security Office focusing on DMV program and project support. This position will be an NCDIT-Transportation Information Security Business Architect (ISBA) dedicated primarily to DMV projects, and will support some minor overflow project consulting for other Divisions and IT consulting. This resource will lead PCI-DSS compliance activities for NCDOT. This resource should possess senior information security technical skillsets as well as senior soft skills as this resource will interface with IT and business leaders across the agency. This resource should possess senior skillsets in preparing reports and presentations to senior management, program/project management and related staff on the recommendations, issues and status of any given IT information security aspect of a project or initiative. This resource must have extensive advanced information security practitioner experience with hands-on experience implementing and operating a suite of standard information security technologies such as but not limited to firewalls, IDS/IPS, SIEM and network traffic capture and analysis. The position will require extensive experience and knowledge of information security frameworks such as ISO 27001, NIST 800-53 and other standards such as PCI-DSS, FISMA, OWASP and federal law and NC General Statute. This position will benefit from familiarity and experience with IT architecture frameworks and methodologies such as SABSA and TOGAF.