What are the responsibilities and job description for the IT Security Specialist - HYBRID position at Chandra Technologies, Inc.?
Job Description
NC DHHS - Privacy and Security Office (PSO) is seeking an Information Technology (IT) professional with proven application security testing experience using tools such as BURP Suite, Fortify and manual testing.
Duties include, but are not limited to:
- Experience with Security testing tools to implement the security framework in DevSecOps.
- Experience with application security testing tools such as BURP suite, Fortify and manual testing
- Familiar with application development frameworks such as .NET, Java, Spring Boot
- Detailed understanding and strong skill set in operating and working with the Splunk toolset
- Experience in finding OWASP top 10 vulnerabilities and providing guidance to the application development team to remediate the identified vulnerabilities
- Experience in using vulnerability management tools such as Qualys and working with stakeholders to remediate the identified vulnerabilities in a timely manner.
- Expertise with Linux, Windows and the command-line interface
- Excellent troubleshooting skills and strong technical learning aptitude required.
- Experience in HIPAA Privacy & Security Risk Assessments
- Implement the security framework within the DevSecOps environment, leveraging security testing tools like BURP Suite, Fortify, and manual testing.
- Work with a variety of application development frameworks, including .NET, Java, Spring Boot, and others.
- Identify and assess OWASP top 10 vulnerabilities and provide guidance to the application development team for remediation.
- Utilize vulnerability management tools, such as Qualys, to identify and promptly address vulnerabilities while collaborating with stakeholders.
- Showcase expertise in operating systems such as Linux and Windows, as well as proficiency in Command-line interfaces.
- Possess excellent troubleshooting skills and a strong aptitude for technical learning.
- Conduct HIPAA Privacy & Security Risk Assessments to ensure compliance and data security.
Qualifications:
- Bachelor's degree in a relevant field (preferred).
- Industry-recognized IT security certifications (e.g., CISSP, CISM, CEH) are a plus.
- Proven experience in application security testing, vulnerability management, and incident response.
- Familiarity with healthcare data security regulations, including HIPAA.
- Strong communication skills and the ability to collaborate effectively with diverse teams.
- Analytical mindset and problem-solving abilities.
- Splunk certifications
Required Skills:
- Risk Management - must be able to identify gaps through risk management, and assist in the development of mitigation strategies.
- Experience updating privacy and security policies based on gaps found through an assessment process.
- Discover, evaluate, and assess systems, networks, and components through the use of vulnerability scanning and risk assessment methods.
- Experience documenting vulnerability assessment results in an accurate, clear, actionable, and available way to appropriate personnel.
- Must be able to review and assess projects and systems throughout all phases of their life cycle in an effort to identify Privacy org needs.
- Must be able to serve as a knowledge base for organizations as it relates to compliance requirements and mitigation strategies.
- Experience performing risk assessments based on NIST 800-53 Rev 4, ISO-27001, HIPAA, and IRS Pub 1075.
- Experience with network mapping and vulnerability scanning tools such as NESSUS and NMAP.