NC DHHS Privacy and Security Office (PSO) requires the services of an IT Security Architect to assist the Child Welfare Information System (CWIS).
NC DHHS Privacy and Security Office (PSO) requires the services of an IT Security Architect to assist and assess the CWIS. Strong understanding of security principles including secure coding practices, vulnerability management, threat modeling and risk assessment. Strong experience with containerization technologies such as Docker and container orchestration tools like Kubernetes (Red Hat OpenShift preferred). Demonstrable experience in securing containerized environments and integrating security into container workflows. Understanding of regulatory compliance requirements (e.g. HIPAA, PCI DSS) and experience implementing controls to meet these requirements. In addition to these technical skills and experiences, possessing relevant certifications such as Certified Ethical Hacker (CEH) or AWS Certified Security Specialty in security and DevOps practices. Knowledgeable of the OSI networking model. Hands-on experience with design and configuration of network security on layers 3, 4 and 7. Application of these in a data center environment is highly desired.
Required/Desired Skills
Skill | Required/Desired | Amount of Experience
Risk Management: must be able to identify gaps through risk management and assist in the development of mitigation strategies. | Required | 7 Years
Experience documenting vulnerability assessment results in an accurate, clear, actionable and available way to appropriate personnel | Required | 7 Years
Strong understanding of security principles including secure coding practices, vulnerability management, threat modeling and risk assessment. | Required | 6 Years
Expertise in using Copado for Salesforce deployment automation and release management | Required | 6 Years
Knowledge of common security frameworks such as OWASP Top 10 and CIS Benchmarks. | Required | 6 Years
Experience using GitHub Actions for CI/CD pipelines and GitHub Security features like code scanning and secret scanning. | Required | 6 Years
Understanding of regulatory compliance requirements (e.g. HIPAA, PCI DSS) and experience implementing controls to meet these requirements. | Required | 6 Years
Industrial experience with DevSecOps concepts such as static code analysis, dependency bot and container hardening. Experience with integration of these | Required | 6 Years
Knowledgeable of the OSI networking model. Hands-on experience with design and configuration of network security on layers 3, 4 and 7. Application of thes | Required | 6 Years
Questions
No. | Question
Question 1 | Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed-upon date. Do you accept this requirement?
Question 2 | Please list the candidate's email address HERE that will be used when submitting ERTR.
Question 3 | Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.
Question 4 | Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement?
Question 5 | Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement?
Question 6 | Candidates submitted above the bill rate of $115.00 may not be considered. Do you accept this requirement?