Job Location: Available to work Remote, Raleigh, NC.
Note: Child Welfare Information System (CWIS) experience is required
Job Description:
NC DHHS - Privacy and Security Office (PSO) requires the services of an IT Security Architect to assist and assess the CWIS.
Strong understanding of security principles, including secure coding practices, vulnerability management, threat modeling, and risk assessment. Strong experience with containerization technologies such as Docker and container orchestration tools like Kubernetes (Red Hat OpenShift preferred). Demonstrable experience securing containerized environments and integrating security into container workflows. Understanding of regulatory compliance requirements (e.g., HIPAA, PCI DSS) and experience implementing controls to meet these requirements. In addition to these technical skills and experience, relevant certifications in security and DevOps practices, such as Certified Ethical Hacker (CEH) or AWS Certified Security Specialty. Knowledgeable of the OSI networking model. Hands-on experience with design and configuration of network security on layers 3, 4, and 7. Application of these in a data center environment is highly desired.
Skills Set:
Skill | Required /Desired | Experience |
Risk Management - must be able to identify gaps through risk management, and assist in the development of mitigation strategies | 7 years | |
Experience documenting vulnerability assessment results in an accurate, clear, actionable, and available way to appropriate personnel | 7 years | |
Strong understanding of security principles, including secure coding practices, vulnerability management, threat modeling, and risk assessment | 7 years | |
Expertise in using Copado for Salesforce deployment automation and release management | 6 years | |
Knowledge of common security frameworks such as OWASP Top 10 and CIS Benchmarks | 6 years | |
Experience using GitHub Actions for CI/CD pipelines and GitHub Security features like code scanning and secret scanning | 6 years | |
Understanding of regulatory compliance requirements (e.g., HIPAA, PCI DSS) and experience implementing controls to meet these requirements | 6 years | |
Industrial experience w/ DevSecOps concepts such as static code analysis, dependency bot, and container hardening. Experience with integration of these | 6 years | |
Knowledgeable of the OSI networking model. Hands-on experience with design and configuration of network security on layers 3, 4, and 7. Application of these | - |