NCDHHS - PSO IT Security Specialist st
Raleigh, North Carolina, United States | 2025-01-07 14:54:28
NC DHHS - Privacy and Security Office (PSO) requires the services of an IT Security Architect to assist the Child Welfare Information System (CWIS).
NC DHHS - Privacy and Security Office (PSO) requires the services of an IT Security Architect to assist and assess the CWIS. Strong understanding of security principles, including secure coding practices, vulnerability management, threat modeling, and risk assessment.
Strong experience with containerization technologies such as Docker and container orchestration tools like Kubernetes (Red Hat OpenShift preferred). Demonstrable experience securing containerized environments and integrating security into container workflows. Understanding of regulatory compliance requirements (e.g., HIPAA, PCI DSS) and experience implementing controls to meet these requirements. In addition to these technical skills and experiences, possessing relevant certifications such as Certified Ethical Hacker (CEH) or AWS Certified Security Specialty in security and DevOps practices. Knowledgeable of the OSI networking model. Hands-on experience with design and configuration of network security on layers 3, 4, and 7. Application of these in a data center environment is highly desired.
Required/Desired Skills
Skill | Required/Desired | Amount of Experience |
---|---|---|
Risk Management - must be able to identify gaps through risk management, and assist in the development of mitigation strategies. | Required | 7 Years |
Experience documenting vulnerability assessment results in an accurate, clear, actionable, and available way to appropriate personnel | Required | 7 Years |
Strong understanding of security principles, including secure coding practices, vulnerability management, threat modeling, and risk assessment. | Required | 6 Years |
Expertise in using Copado for Salesforce deployment automation and release management | Required | 6 Years |
Knowledge of common security frameworks such as OWASP Top 10 and CIS Benchmarks. | Required | 6 Years |
Experience using GitHub Actions for CI/CD pipelines and GitHub Security features like code scanning and secret scanning. | Required | 6 Years |
Understanding of regulatory compliance requirements (e.g., HIPAA, PCI DSS) and experience implementing controls to meet these requirements. | Required | 6 Years |
Industrial experience with DevSecOps concepts such as static code analysis, dependency bot, and container hardening. Experience with integration of these | Required | 6 Years |
Knowledgeable of the OSI networking model. Hands-on experience with design and configuration of network security on layers 3, 4, and 7. Application of thes | Required | 6 Years |
Questions
No. | Question |
---|---|
Question1 | Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement? |
Question2 | Please list candidate's email address HERE that will be used when submitting E-RTR. |
Question3 | Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment. |
Question4 | Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement? |
Question5 | Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement? |
Question6 | Candidates submitted above the bill rate of - may not be considered. Do you accept this requirement? |