IT Security & Compliance Specialist II

The State Of North Carolina
Raleigh, United States of America

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$117K

Job location

Raleigh, United States of America

Tech stack

API
Software Applications
Software System Penetration Testing
Automation of Tests
Burp Suite
Computer Security
DevOps
Information Security Management
Mobile Application Software
NMap
Secure Coding
Security Software
SQL Injection
Web Applications
Enterprise Software Applications
Sonatype
Veracode
Cross-Site Scripting (XSS)
Information Technology
Metasploit
Nessus
GraphQL
Checkmarx
REST
Devsecops
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing

Job description

The Application Security Penetration Tester is responsible for identifying, analyzing, and mitigating vulnerabilities in software applications and APIs throughout the development lifecycle. This role collaborates closely with development and infrastructure teams to integrate secure coding practices and ensure the security of applications from design through deployment.

The Application Penetration Tester is responsible for performing deep, manual and automated security assessments of NCDHHS applications. This role goes beyond automated scanning: you will chain vulnerabilities, bypass controls, and emulate real adversary behavior across web apps, APIs, and mobile platforms.

In collaboration with our partners, the North Carolina Department of Health and Human Services (DHHS) protects the health and safety of all North Carolinians and provides essential health and human services. The IT division (ITD) is one of the divisions that report to the Operational Excellence portfolio. The ITD division comprises four sections: Implementation and Operations, Strategy and Workforce, Enterprise Technology, and Vendor and Finance. ITD offers services including, but not limited to, implementations, operations, project/portfolio management, infrastructure, consulting, business division liaison, digital transformation, IT strategy, enterprise technology, IT contract and vendor management, and data office services.

Degrees must be received from appropriately accredited institutions. Transcripts and degree evaluations may be uploaded with your application. The State of North Carolina/Office of State Human Resources uses the National Association of Credential Evaluation Services (NACES) as a referral resource for applicants who need to have their credentials certified as equivalent.

  • For a list of organizations that perform this specialized service, please visit the NACES membership website at https://www.naces.org/members .

Degree/College Credit Verification

Degrees must be received from appropriately accredited institutions. Transcripts, degree evaluations, and cover letters may be uploaded with your application.

Veterans' and National Guard Preference

  • Applicants seeking Veteran's Preference must attach a DD-214 Member-4 Form (Certificate of Release or Discharge from Active Duty) to their applications.
  • Applicants seeking National Guard Preference must attach an NGB 23A (RPAS), along with the state application, if they are a current member of the NC National Guard in good standing.
  • Applicants who are former members of either the NC Army National Guard or the NC Air National Guard, with honorable discharge and six years of creditable service, must attach a copy of the DD 256 or NGB 22, along with the state application.

ADA Accommodations

Consistent with the Americans with Disabilities Act (ADA) and the Pregnant Workers Fairness Act (PWFA), DHHS is committed to the full inclusion of all qualified individuals. As part of this commitment, DHHS will ensure that people with disabilities, or known limitations covered by the PWFA, are provided with reasonable accommodation. If reasonable accommodation is needed to participate in the job application or interview process, please contact the person indicated below.

Requirements

The Knowledge, Skills, and Abilities (KSAs)/Management Preferences are not required. Applicants who possess the following skills are preferred:

  • Hands-on experience performing manual penetration testing of web applications, REST and GraphQL APIs, and mobile applications, including static application security testing (SAST), dynamic application security testing (DAST), and threat modeling.
  • Skilled in identifying, exploiting, validating, and documenting security vulnerabilities, including SQL Injection (SQLi), Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and authentication and authorization flaws.
  • Proficient in conducting both manual and automated security assessments using industry-standard tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Nessus, Snyk, Veracode, and Checkmarx.
  • Experience in collaborating with software developers to triage, prioritize, and remediate security findings, while working closely with DevOps and engineering teams to ensure secure application design, configuration, and deployment.
  • Assisted in integrating security controls, automated testing, and vulnerability scanning into CI/CD pipelines to secure software development practices and DevSecOps initiatives.
  • Produced comprehensive technical assessment reports containing detailed proof-of-concept (PoC) exploits and reproducible attack scenarios.

Some state job postings say you can qualify by an "equivalent combination of education and experience." If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See the Education and Experience Equivalency Guide for details.

Bachelor's degree in computer science or a related IT field or related degree from an appropriately accredited institution and two years of progressive experience in IT Security or closely related area;

OR

Associate degree in computer science or a related IT field or related degree from an appropriately accredited institution and three years of progressive experience in IT Security or closely related area;

OR

An equivalent combination of education and experience.

Benefits & conditions


  • Paid parental leave
  • Parental leave
  • Health insurance
  • Retirement plan

About the company

North Carolina State Government is one of the state's largest employers, with over 76,000 employees all working toward a common goal: a safer and stronger North Carolina. We are a large organization composed of various agencies, offices, and universities, each providing important public services.

The State of North Carolina is an Equal Employment Opportunity Employer and is dedicated to providing employees with a work environment free from all forms of unlawful employment discrimination, harassment, or retaliation. The state provides reasonable accommodation to employees and applicants with disabilities; known limitations related to pregnancy, childbirth, or related medical conditions; and for religious beliefs, observances, and practices.
