Hi Dear,
This is regarding an excellent job opportunity with my client...
Position: Security Specialist
Location: Durham, NC
Duration: 12 months
Either Webcam Interview or In Person
The NC DHHS Privacy and Security Office (PSO) requires the services of a highly experienced IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, North Carolina and DHHS requirements.
The NC Department of Health and Human Services seeks a highly experienced IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, State of NC and DHHS requirements.
· This resource must manage and review the RFP, MOU and MOA for privacy, security, Business Continuity Planning, and Disaster Recovery based on federal, state and department requirements.
This resource must identify the risks and assist in the development of mitigation strategies, and establish the privacy and security architecture using on prem and cloud infrastructures.
· Duties include providing guidance on implementing security best practices in the cloud (AWS, Azure, GCP,Oracle etc.), defining and reviewing Privacy and Security/Information Assurance requirements (and dependencies), and defining and reviewing the Business Continuity Plan and Disaster Recovery Testing plans.
· Tasks also include researching Best Practices for reuse, applying Federal rules, State IT Security, DHHS Privacy and Security policies and industry standards, and defining the process to transition from the current architecture to the target architecture based on experience in implementing tools and frame works to support the Agile development process using DevSecOps.
· The ideal candidate will have experience working with current and emerging information security technologies, privacy and development methodologies and related Center for Medicaid and Medicare requirements (CMS).
· Bachelor’s degree in computer science, cloud certification, management information systems, or related field is preferred.
· Candidate must have security architecture knowledge like TOGAF and MITA, good analytical and creative problem solving skills and rely on experience and judgment to plan and accomplish goals.
· This role requires leadership skills to independently perform a variety of complicated tasks with a wide degree of creativity and latitude.
Please send me your candidates updated resume and expected pay rate
Skills Matrix:
| Skill | Required / Desired | Amount | of Experience |
| Experience with risk management to identify gaps through risk management and assisting the development team in implementing mitigation strategies. | Required | 7 | Years |
| Experience updating privacy and security policies based on gaps found through an assessment process. | Required | 4 | Years |
| Experience in NIST 800-53 and HIPAA assessment. | Required | 7 | Years |
| Experience in implementing DevSecOps tools such as Fortify, CheckMarx, Contrast, Imperva. | Required | 3 | Years |
| Experience in implementing the best practices for vulnerability manament using Qualys and Nessus. | Required | 4 | Years |
| Hands-on experience conducting penetration testing on enterprise web applications using tools such as Burp Suite, Metasploit, Webinspect etc. | Required | 4 | Years |
| Hands-on experience implementing the privacy and security and best practices for deploying the the work loads on AWS, GCP and AZURE cloud platforms. | Required | 3 | Years |
| Familiarity with SOC2 Type 2, HITRUST and MARSE | Desired | 3 | Years |
| Excellent written English and oral communications skills | Required | | |
| Knowledge of security architecture such as TOGAF and MITA. | Required | | |
| Demonstrated analytical and creative problem solving skills. | Required |