Job summary:


Title:
IT Security Specialist

Location:
Durham, NC, United States

Length and terms:
Long term - W2 or C2C


Position created on 01/25/2022 04:40 pm

Job description:


Interview Type: Skype
*** Very long term project; initial PO for 1 year, expect to go for 4+ years ***
Remote during COVID, then onsite

The client is looking for a candidate with strong security architecture experience including networking, IAM, IaC in at least one of AWS, Azure and GCP. Any migration experience from on-premises to cloud IaaS, PaaS and SaaS models is good to have.

The NC Department of Health and Human Services seeks a highly experienced IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, State of NC and DHHS requirements. This resource must manage and review the RFP, MOU and MOA for privacy, security, Business Continuity Planning, and Disaster Recovery based on federal, state and department requirements. This resource must identify the risks, assist in the development of mitigation strategies, and establish the privacy and security architecture using on-premises and cloud infrastructures. The role calls for hands-on and security architecture experience (including networking, IAM, IaC in at least one of AWS, Azure and GCP), defining and reviewing Privacy and Security/Information Assurance requirements (and dependencies), and defining and reviewing the Business Continuity Plan and Disaster Recovery Testing plans.

Application migration experience from on-premises to cloud IaaS, PaaS and SaaS models. Strong experience in Asset Management and Policy Compliance. Hands-on experience developing mature vulnerability management, including asset management and threat protection. Experience with Policy Compliance requirements. Tasks also include researching best practices for reuse, applying Federal rules, State IT Security, DHHS Privacy and Security policies and industry standards, and defining the process to transition from the current architecture to the target architecture based on experience in implementing tools and frameworks to support the Agile development process using DevSecOps. The ideal candidate will have experience working with current and emerging information security technologies, privacy and development methodologies and related Center for Medicaid and Medicare requirements (CMS). Bachelor's degree in computer science, cloud certification, management information systems, or related field is preferred. Candidate must have security architecture knowledge like TOGAF and MITA, good analytical and creative problem-solving skills, and rely on experience and judgment to plan and accomplish goals. This role requires leadership skills to independently perform a variety of complicated tasks with a wide degree of creativity and latitude.

Required Skills

  • 7 years of experience with risk management to identify gaps through risk management and assisting the development team in implementing mitigation strategies.
  • 4 years of experience updating privacy and security policies based on gaps found through an assessment process.
  • 7 years of experience in NIST 800-53 and HIPAA assessment.
  • 3 years of experience in implementing DevSecOps tools such as Fortify, Checkmarx, Contrast, Imperva.
  • 4 years of experience in implementing the best practices for vulnerability management using Qualys and Nessus.
  • 4 years of hands-on experience conducting penetration testing on enterprise web applications using tools such as Burp Suite, Metasploit, WebInspect, etc.
  • 3 years of hands-on experience implementing privacy and security best practices for deploying workloads on AWS, GCP and Azure cloud platforms.
  • 2 years of hands-on and security architecture experience including networking, IAM, IaC in at least one of AWS, Azure and GCP.
  • 2 years of application migration experience from on-premises to cloud IaaS, PaaS and SaaS models.
  • Excellent written English and oral communications skills
  • Knowledge of security architecture such as TOGAF and MITA.
  • Demonstrated analytical and creative problem solving skills.

Desired skills

  • 3 years of familiarity with SOC 2 Type 2, HITRUST and MARS-E

 


Contact the recruiter working on this position:



The recruiter working on this position is Rajendra Reddy
His/her contact number is +(1) (202) 4706751
His/her contact email is rajr@msysinc.com

Our recruiters will be more than happy to help you to get this contract.