What are the responsibilities and job description for the NCDHHS- PSO IT Security Specialist st position at Buzzclan?
NC DHHS - Privacy and Security Office (PSO) requiring services of an IT Security Architect to assist Child Welfare Information System (CWIS).
NC DHHS - Privacy and Security Office (PSO) requiring services of an IT Security Architecture to assist and assess the CWIS. -Strong understanding of securityprinciples, including secure coding practices, vulnerability management, threatmodeling, and risk assessment. Strong experience with containerization technologies such as Docker and container orchestration tools like Kubernetes (Redhat OpenShift preferred). Demonstrable experience on securing containerized environments and integrate security into container workflows. Understanding of regulatory compliance requirements (e.g., HIPAA, PCI DSS) and experience implementing controls to meet these requirements. In addition to these technical skills and experiences possessing relevant certifications such as certified Ethical Hacker (CEH), or AWS Certified Security Specialty in security and DevOps practices.Knowledgeable of OSI networking model. Hands-on experience with design and configuration of network security on layer 3, 4, and 7. Application of these in a data center environment is highly desired.
Required / Desired Skills
Skill
Required / Desired
Amount
of Experience
Risk Management - must be able to Identify gaps through risk management, and assist in the development of mitigation strategies.
Required
Years
Experience documenting vulnerability assessment results in a accurate, clear, actionable, and available way to appropriate personnel
Required
Years
Strong understanding of security principles, including secure coding practices, vulnerability management, threat modeling, and risk assessment.
Required
Years
Expertise in using Copado for Salesforce deployment automation and release management
Required
Years
Knowledge of common security frameworks such as OWASP Top 10 and CIS Benchmarks.
Required
Years
Experience using GitHub Actions for CI / CD pipelines and GitHub Security features like code scanning and secret scanning.
Required
Years
Understanding of regulatory compliance requirements (e.g., HIPAA, PCI DSS) and experience implementing controls to meet these requirements.
Required
Years
Industrial experience w / DevSecOps concept such as static code analysis, dependency bot, and container hardening. Experience with integration of these
Required
Years
Knowledgeable of OSI networking model. Hands-on experience with design and configuration of network security on layer 3, 4, and 7. Application of thes
Required
Years
Questions
Question
Question1
Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question2
Please list candidate's email address HERE that will be used when submitting E-RTR.
Question3
Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.
Question4
Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement?
Question5
Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement?
Question6
Candidates submitted above the bill rate of - may not be considered. Do you accept this requirement?
