
IT Security & Compliance Specialist II

External
Nc · 1915 Health Services Way Wake
Contract · Hybrid · Today
Application Security · CI/CD · Classification · Compliance · DevSecOps · GraphQL


About the role

North Carolina State Government is one of the state's largest employers, with over 76,000 employees all working toward a common goal: a safer and stronger North Carolina. We are a large organization comprised of various agencies, offices, and universities, each providing important public services. Eligible state employees are entitled to comprehensive benefits, including a variety of leave options, professional development opportunities, insurance, and more. To learn more about the benefits of being a North Carolina state employee, visit the N.C. Office of State Human Resources' website. Permanent, temporary, and time-limited state government jobs can be found from the mountains to the coast. Find your next opportunity today!

Description of Work

The Application Security Penetration Tester is responsible for identifying, analyzing, and mitigating vulnerabilities in software applications and APIs throughout the development lifecycle. This role collaborates closely with development and infrastructure teams to integrate secure coding practices and ensure the security of applications from design through deployment.

The Application Penetration Tester is responsible for performing deep manual and automated security assessments of NCDHHS applications. This role goes beyond automated scanning: you will chain vulnerabilities, bypass controls, and emulate real adversary behavior across web apps, APIs, and mobile platforms.

Knowledge Skills and Abilities/Management Preferences

Salary Grade Range: $87,617.00 - $117,000.00

Recruitment Range: $87,617.00 - $117,000.00

Candidates now meet the minimum qualifications of a position if they meet the minimum education and experience listed on the vacancy announcement. The Knowledge, Skills, and Abilities (KSAs)/Management Preferences are not required.
Applicants who possess the following skills are preferred:

Hands-on experience performing manual penetration testing of web applications, REST and GraphQL APIs, and mobile applications, including static application security testing (SAST), dynamic application security testing (DAST), and threat modeling.

Skilled in identifying, exploiting, validating, and documenting security vulnerabilities, including SQL Injection (SQLi), Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and authentication and authorization flaws.

Proficient in conducting both manual and automated security assessments using industry-standard tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Nessus, Snyk, Veracode and Checkmarx.

Experience in collaborating with software developers to triage, prioritize, and remediate security findings, while working closely with DevOps and engineering teams to ensure secure application design, configuration, and deployment.

Assisted in integrating security controls, automated testing, and vulnerability scanning into CI/CD pipelines to secure software development practices and DevSecOps initiatives.

Produced comprehensive technical assessment reports containing detailed proof-of-concept (PoC) exploits and reproducible attack scenarios.

The posting will close at 11:59 p.m. the night before the end date.

This position is funded in part through federal funds.

This role is eligible to be hybrid and requires onsite reporting located within Raleigh, NC.

About the NC DHHS Information Technology Division:

In collaboration with our partners, the North Carolina Department of Health and Human Services (DHHS) protects the health and safety of all North Carolinians and provides essential health and human services. The IT division (ITD) is one of the divisions that report to the Operational Excellence portfolio. The ITD division comprises four sections: Implementation and Operations, Strategy and Workforce, Enterprise Technology, and Vendor and Finance.
ITD offers services including, but not limited to, implementations, operations, project/portfolio management, infrastructure, consulting, business division liaison, digital transformation, IT strategy, enterprise technology, IT contract and vendor management, and data office services.

Compensation and Benefits:

The State of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave is available to eligible employees. Visit the website for State Benefits.

Supplemental Contact Information

The North Carolina Department of Health and Human Services (DHHS) is an Equal Opportunity Employer that embraces an Employment First philosophy, which consists of complying with all federal laws, state laws, and Executive Orders. We are committed to reviewing requests for reasonab

Benefits

Health insurance · Vision insurance · Paid time off · Parental leave

Additional Information

Agency:
Division:
Job Classification Title: IT Security & Compliance Specialist II (NS)
Position Number:
Grade: DT10

