Offer summary

Qualifications:

5+ years of experience in IT security and risk management., Strong understanding of security principles, secure coding practices, and vulnerability management., Experience with containerization technologies like Docker and Kubernetes., Relevant certifications such as Certified Ethical Hacker (CEH) or AWS Certified Security Specialty..

Key responsabilities:

Assess and assist in the security architecture of the Child Welfare Information System (CWIS).

Identify security gaps and develop mitigation strategies through risk management.

Document vulnerability assessment results clearly and accurately for appropriate personnel.

Implement security controls to meet regulatory compliance requirements such as HIPAA and PCI DSS.

Job description

Job Location: Available to work Remote, Raleigh, NC.

Note: Child Welfare Information System (CWIS) experience is required

Job Description:

NC DHHS - Privacy and Security Office (PSO) requiring services of an IT Security Architecture to assist and assess the CWIS. -Strong understanding of security principles, including secure coding practices, vulnerability management, threat modeling, and risk assessment. Strong experience with containerization technologies such as Docker and container orchestration tools like Kubernetes (Redhat OpenShift preferred). Demonstrable experience on securing containerized environments and integrate security into container workflows. Understanding of regulatory compliance requirements (e.g., HIPAA, PCI DSS) and experience implementing controls to meet these requirements. In addition to these technical skills and experiences possessing relevant certifications such as certified Ethical Hacker (CEH), or AWS Certified Security Specialty in security and DevOps practices. Knowledgeable of OSI networking model. Hands-on experience with design and configuration of network security on layer 3, 4, and 7. Application of these in a data center environment is highly desired

Requirements

Skills Set:

Skill	Required /Desired	Experience
Risk Management - must be able to Identify gaps through risk management, and assist in the development of mitigation strategies	Required	7 years
Experience documenting vulnerability assessment results in a accurate, clear, actionable, and available way to appropriate personnel	Required	7 years
Strong understanding of security principles, including secure coding practices, vulnerability management, threat modeling, and risk assessment	Required	7 years
Expertise in using Copado for Salesforce deployment automation and release management	Required	6 years
Knowledge of common security frameworks such as OWASP Top 10 and CIS Benchmarks	Required	6 years
Experience using GitHub Actions for CI/CD pipelines and GitHub Security features like code scanning and secret scanning	Required	6 years
Understanding of regulatory compliance requirements (e.g., HIPAA, PCI DSS) and experience implementing controls to meet these requirements	Required	6 years
Industrial experience w/ DevSecOps concept such as static code analysis, dependency bot, and container hardening. Experience with integration of these	Required	6 years
Knowledgeable of OSI networking model. Hands-on experience with design and configuration of network security on layer 3, 4, and 7. Application of these	Required	-