Job ID: NC-656611 (910690914)
Security Analyst with NIST 800-53, HIPAA, DevSecOps, Fortify, CheckMarx, Contrast, Imperva, Qualys, Nessus, Burp Suite, Metasploit, Webinspect, AWS, GCP, AZURE, SOC2 Type 2, HITRUST, MARSE, TOGAF and MITA experience
Location: Raleigh, NC (NCDHHS)
Duration: 12 months
Interview: Either Webcam Interview or In Person
Positions: 1 (1/1)
Skills:
Experience with risk management to identify gaps through risk management and assisting the development team in implementing mitigation strategies.Required7Years
Experience updating privacy and security policies based on gaps found through an assessment process.Required4Years
Experience in NIST 800-53 and HIPAA assessment.Required7Years
Experience in implementing DevSecOps tools such as Fortify, CheckMarx, Contrast, Imperva.Required3Years
Experience in implementing the best practices for vulnerability manament using Qualys and Nessus.Required4Years
Hands-on experience conducting penetration testing on enterprise web applications using tools such as Burp Suite, Metasploit, Webinspect etc.Required4Years
Hands-on experience implementing the privacy and security and best practices for deploying the the work loads on AWS, GCP and AZURE cloud platforms.Required3Years
Familiarity with SOC2 Type 2, HITRUST and MARSEDesired3Years
Excellent written English and oral communications skillsRequired
Knowledge of security architecture such as TOGAF and MITA.Required
Demonstrated analytical and creative problem solving skills.Required
The NC Department of Health and Human Services seeks a highly experienced IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, State of NC and DHHS requirements. This resource must manage and review the RFP, MOU and MOA for privacy, security, Business Continuity Planning, and Disaster Recovery based on federal, state and department requirements. This resource must identify the risks and assist in the development of mitigation strategies, and establish the privacy and security architecture using on prem and cloud infrastructures. Hands on and security architecture experience including networking, IAM, IaC in at least one of AWS, Azure and GCP), defining and reviewing Privacy and Security/Information Assurance requirements (and dependencies), and defining and reviewing the Business Continuity Plan and Disaster Recovery Testing plans.•Application migration experience from on-premises to cloud IaaS, PaaS and SaaS models. Strong experience in Asset Management and Policy Compliance. Hands on experience developing a mature vulnerability management including asset management and threat protection. Experience with Policy Compliance requirements. Tasks also include researching Best Practices for reuse, applying Federal rules, State IT Security, DHHS Privacy and Security policies and industry standards, and defining the process to transition from the current architecture to the target architecture based on experience in implementing tools and frame works to support the Agile development process using DevSecOps. The ideal candidate will have experience working with current and emerging information security technologies, privacy and development methodologies and related Center for Medicaid and Medicare requirements (CMS). Bachelor’s degree in computer science, cloud certification, management information systems, or related field is preferred. Candidate must have security architecture knowledge like TOGAF and MITA, good analytical and creative problem solving skills and rely on experience and judgment to plan and accomplish goals. This role requires leadership skills to independently perform a variety of complicated tasks with a wide degree of creativity and latitude.