IT Security & Compliance Specialist II
IT Security & Compliance Specialist II (NS)
Grade: DT10
Salary Grade Range: $87,617.00 - $117,000.00
Description of Work
The Application Security Penetration tester is responsible for identifying, analyzing, and mitigating vulnerabilities in software applications and APIs throughout the development lifecycle. This role collaborates closely with development and infrastructure teams to integrate secure coding practices and ensure the security of applications from design through deployment.
The Application Penetration Tester is responsible for performing deep, manual and automated security assessments of NCDHHS applications. The role goes beyond automated scanning—chain vulnerabilities, bypass controls, and emulate real adversary behavior across web apps, APIs, and mobile platforms.
This role is eligible to be hybrid and requires onsite reporting located within Raleigh, NC.
Qualifications and Preferred Skills
- Hands‑on experience performing manual penetration testing of web applications, REST and GraphQL APIs, and mobile applications, including static application security testing (SAST), dynamic application security testing (DAST), and threat modeling.
- Skilled in identifying, exploiting, validating, and documenting security vulnerabilities, including SQL Injection (SQLi), Cross‑Site Scripting (XSS), Server Side Request Forgery (SSRF), authentication and authorization flaws.
- Proficient in conducting both manual and automated security assessment using industry‑standard tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Nessus, Snyk, Veracode and Checkmarx.
- Experience in collaborating with software developers to triage, prioritize, and remediate security findings, while working closely with DevOps and engineering teams to ensure secure application design, configuration, and deployment.
- Assisted in integrating security controls, automated testing, and vulnerability scanning into CI/CD pipelines to secure software development practices and DevSecOps initiatives.
- Produced comprehensive technical assessment reports containing detailed proof‑of‑concept (PoC) exploits, reproducible attack scenarios.
Minimum Education and Experience
Bachelor’s degree in computer science or a related IT field or related degree from an appropriately accredited institution and two years of progressive experience in IT Security or closely related area; OR Associate degree in computer science or a related IT field or related degree from an appropriately accredited institution and three years of progressive experience in IT Security or closely related area; OR an equivalent combination of education and experience.
Compensation and Benefits
The State of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high‑quality, low‑cost benefits on a pre‑tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave is available to eligible employees.
EEO Statement
The State of North Carolina is an Equal Employment Opportunity Employer and dedicated to providing employees with a work environment free from all forms of unlawful employment discrimination, harassment, or retaliation. The state provides reasonable accommodation to employees and applicants with disabilities; known limitations related to pregnancy, childbirth, or related medical conditions; and for religious beliefs, observances, and practices.
#J-18808-Ljbffr