The Department of Health and Human Services Privacy and Security Office (PSO) is a unit which is located within the Office of the Secretary, Information Technology Division. The PSO provides leadership and direction for the departments privacy, security, Business Continuity Planning (BCP), Continuity of Operations Planning (COOP) and compliance activities. This office ensures that Federal, State and Department-wide privacy and security requirements are met for protecting information and technology, and for instituting polices, standards or other associated materials that support these compliance effort.
This position is responsible for operating and maintaining endpoint detection and response (EDR) and insider threat platforms and responding to security alerts generated from the ERD as well as other security tools. The candidate will provide support for both the EDR and insider threat monitoring platform. Lead and oversee deployment, operation, and maintenance of the EDR and insider threat platforms. Provide support response to other security teams in respect to the EDR and insider threat platforms. Identify adjustments and modifications for configuration and identify new opportunities for tools to incorporate into the EDR platform. Coordinate with various teams, such as application and network, to enable adjustments and modifications to be made to the EDR and insider threat platforms. Additional job responsibilities could include working with application security and managing Web Application Firewalls and understanding of Operating Systems (OS), vulnerability management tools, HIPAA and other regulatory requirements.
About the NC Department of Health and Human Services (DHHS):
The North Carolina Department of Health and Human Services (DHHS) is one of the largest, most complex agencies in the state, and has approximately 17,000 employees. It is responsible for ensuring the health, safety, and well-being of all North Carolinians, providing human service needs for special populations including individuals who are deaf, blind, developmentally disabled, and mentally ill, and helping poor North Carolinians achieve economic independence.
About the NC Division of Information Technology:
DHHS Information Technology (IT) Division provides enterprise information technology leadership and solutions to the department and their partners so that they can leverage technology, resulting ultimately in delivery of consistent, cost effective, reliable, accessible, and secure services. DHHS IT Division works with business divisions to help ensure the availability and integrity of automated information systems to meet their business goals. DHHS IT Division’s primary information technology services are Application Management, Project Management, Privacy and Security, Financial Management, Health Information Technology, Infrastructure and Service Management.
Compensation and Benefits:
The State of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave is available to eligible employees. Visit website for benefits: https://oshr.nc.gov/state-employee-resources/benefits.
For more information about DHHS: https://www.ncdhhs.gov/
Listed below are the knowledge, skills and abilities (KSAs) associated with the position. These KSAs, along with the minimum education and experience listed, are required in order to be deemed "eligible" for the position therefore you must provide supporting information, within the body of your application, to demonstrate your possession of each KSA listed.
Qualified applicants must possess, and application must clearly reflect work experience that demonstrates the following:
-
Proven experience managing EDR tools such as CrowdStrike and security incident response tools with various expedited project delivery schedules.
-
Demonstrated experience in analyzing threat data from various sources, including logs, network traffic, and endpoints, to identify indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), and patterns associated with cyber threats.
-
Experience creating and maintaining technical documents and security advisories to designated organizational staff related to emerging threats or current attacks, their associated vulnerabilities, and effective controls or mitigation solutions.
-
Proven experience in the development of processes and procedures for incorporation and utilization in cyber incident response efforts.
-
Experience working in Vulnerability Management to include industry standards (such as CVE, CPE, and CVSS) for work included to compile and track vulnerabilities over a period to enhance clarity and precision for metrics-related purposes and produce actionable assessment that results in both a technical and non-technical format
-
Documented experience applying Threat Hunting Frameworks & Methodologies alongside conducting proactive threat hunting exercises to identify advanced and persistent threats within the organization's network and systems and define thresholds for threat behavior recognition.
-
Documented experience providing security oversight and compliance planning through the periodic review of solutions and the adjustment of security postures based on identified risks as a part of the department’s risk management process.
Management Preferences:-
Experience in Operating Systems (OS) and vulnerability management tools, HIPAA and other regulatory requirements
-
Experience applying industry best practice i.e., NIST, ISO/IEC 27002 etc.
-
SANS Global Information Assurance Certifications (Or Similar – ex. Carnegie-Mellon CERT); Security Essentials Certification (GSEC); or Information System Security Certification Consortium (ISC2) Systems Security Certified Practitioner (SSCP) are preferred by management
The North Carolina Department of Health and Human Services (DHHS) is an Equal Opportunity Employer who embraces an Employment First philosophy which consists of complying with all federal laws, state laws and Executive Orders. We are committed to reviewing requests for reasonable accommodation at any time during the hiring process or while on the job.
For more information about DHHS: https://www.ncdhhs.gov/.
DHHS uses the Merit-Based Recruitment and Selection Plan to fill positions subject to the State Human Resources Act with the most qualified individuals. Hiring salary will be based on relevant qualifications, internal equity, and budgetary considerations pertinent to the advertised position.
It is critical to our screening and salary determination process that applications contain comprehensive information. Information should be provided in the appropriate areas to include the beginning and end dates of jobs worked, education with the date graduated, all work experience, and certificates /licenses. Resumes will not be accepted in lieu of completing this application. Answers to Supplemental Questions must refer to education or work experience listed on this application to receive credit. Degrees must be received from appropriately accredited institutions.
-
Applicants seeking Veteran's Preference must attach a DD-214 Member-4 Form (Certificate of Release or Discharge from Active Duty) to their applications.
-
Applicants seeking National Guard Preference must attach a NGB 23A (RPAS) if they are a current member of the NC National Guard in good standing. If a former member of the NC National Guard, who served for at least 6 years and was discharged under honorable conditions, they must attach either a DD256 or NGB 22.
-
If applicants earned college credit hours but did not complete a degree program, they must attach an unofficial transcript to each application to receive credit for this education.
-
Applicants may be subject to a criminal background check. All candidates selected for positions considered "Positions of Trust" will be subject to a criminal background check.
Applications for positions requiring specific coursework must be accompanied by a copy of the applicant's transcript. Applicants with degrees not conferred at a United States college or university must attach verification that their degree is equivalent to a similar degree from a U.S. institution. The Office of State Human Resources uses the National Association of Credential Evaluation Services (NACES) as a referral resource for applicants who need to have their credentials certified as equivalent. For a list of organizations that perform this specialized service, please visit the NACES membership website at https://www.naces.org/members. Transcripts, degree evaluations and cover letters may be uploaded with your application.
NOTE: Applicants will be communicated via email only for updates on the status of their application or any questions on their application. If there are any questions about this posting other than your application status, please contact HR at 919-855-4930.
For technical issues with your application, please call the NeoGov Helpline at 877-204-4442. If you have a technical issue with your Government Jobs account, please call their Help Line at 1-855-524-5627.