Application Security Penetration Tester
- State of North Carolina
- Raleigh, North Carolina
- Full Time
Agency
Division
Job Classification Title
IT Security & Compliance Manager I (NS)
Position Number
Grade
DT11
About Us
North Carolina State Government is one of the state's largest employers, with over 76,000 employees all working toward a common goal: a safer and stronger North Carolina. We are a large organization comprised of various agencies, offices, and universities, each providing important public services.
Eligible state employees are entitled to comprehensive benefits, including a variety of leave options, professional development opportunities, insurance, and more. To learn more about the benefits of being a North Carolina state employee, visit the N.C. Office of State Human Resources' website.
Permanent, temporary, and time-limited state government jobs can be found from the mountains to the coast. Find your next opportunity today!
Description of Work
The Application Penetration Tester is responsible for conducting comprehensive, in-depth security assessments of NCDHHS applications using both manual techniques and automated tools. This role goes beyond basic vulnerability scanning, requiring the tester to think and operate like a real-world adversary: chaining vulnerabilities, bypassing security controls, and identifying complex attack paths across web applications, REST APIs, and cloud-native environments. The tester will evaluate application logic, authentication and authorization mechanisms, and data flows to uncover high-impact security weaknesses that automated tools alone cannot detect. Additionally, this role involves collaborating with development and engineering teams to clearly communicate findings, provide actionable remediation guidance, and help strengthen the overall security posture of NCDHHS applications.
Knowledge Skills and Abilities/Management Preferences
Salary Grade Range: $91,600.00 - $160,299.00
Candidates now meet the minimum qualifications of a position if they meet the minimum education and experience listed on the vacancy announcement.
The Knowledge, Skills, and Abilities (KSAs)/Management Preferences are not required. Applicants who possess the following skills are preferred:
Experience performing manual penetration testing of web applications, REST APIs, and cloud-native environments, along with static and dynamic code analysis
Ability to identify, exploit, and document vulnerabilities such as SQL injection, XSS, and authentication flaws
Proficiency in both manual and automated security testing using industry-standard tools
Strong collaboration skills to work with developers, DevOps, and engineering teams to remediate vulnerabilities and ensure secure configurations and deployments, including integrating security into CI/CD pipelines
Ability to deliver high-quality technical reports with proof of concepts, reproduction steps, and clear remediation guidance
The Posting Will Close At 11:59 P.M. The Night Before The End Date
This Position Is Funded In Part Through Federal Funds
This Role Is Eligible To Be Hybrid And Requires Onsite Reporting Located Within Raleigh, NC
About the Office of the Secretary
The Office of the Secretary serves as the executive leadership arm of the North Carolina Department of Health and Human Services (NCDHHS), guiding the Department's mission to improve the health, safety, and well-being of all North Carolinians. Through strategic oversight and collaborative leadership, the Secretary's Office supports the effective coordination of over a dozen core divisions, ensuring that agency-wide priorities are aligned, resources are used responsibly, and services are delivered with equity and impact.
Compensation and Benefits
The State of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave is available to eligible employees. Visit website for State Benefits.
Supplemental Contact Information
The North Carolina Department of Health and Human Services (DHHS) is an Equal Opportunity Employer that embraces an Employment First philosophy, which consists of complying with all federal laws, state laws, and Executive Orders. We are committed to reviewing requests for reasonable accommodation at any time during the hiring process or while on the job. For more information about DHHS: .
DHHS uses the Merit-Based Recruitment and Selection Plan to fill positions subject to the State Human Resources Act with the most qualified individuals. Hiring salary will be based on relevant qualifications, internal equity, and budgetary considerations pertinent to the advertised position.
In accordance with the Governor's Executive Order 303, our agency supports second-chance employment for individuals who were previously incarcerated or justice-involved. We invite all potential applicants to apply for positions for which they may be qualified.
Application Process
Be sure to complete the application in its entirety. Resumes will not be accepted in lieu of completing this application.
Information should be provided in the appropriate areas, to include the following: Education, including high school and all degrees obtained, Work Experience, and Certificates & Licenses. It is critical to our screening and salary determination process that applications contain comprehensive candidate information.
Answers to Supplemental Questions are not a substitute for providing all relevant information within the body of your application. To receive credit for the supplemental questions, you must provide supporting information within the "Work Experience" section of the application to support your answers.
Applications must be submitted by 11:59 PM the day before the closing date.
Applicants may be subject to a criminal background check. All candidates selected for positions considered "Positions of Trust" will be subject to a criminal background check.
Due to the volume of applications received, we are unable to provide information regarding the status of your application over the phone. To check the status of your application, please log in to your account. Upon the closing date, applications are "Under Review" and will be screened by Human Resources for qualified applicants. The hiring process may take several weeks.
Degrees must be received from appropriately accredited institutions. Transcripts and degree evaluations may be uploaded with your application. The State of North Carolina/Office of State Human Resources uses the National Association of Credential Evaluation Services (NACES) as a referral resource for applicants who need to have their credentials certified as equivalent.
For a list of organizations that perform this specialized service, please visit the NACES membership website at .
Degree/College Credit Verification
Degrees must be received from appropriately accredited institutions. Transcripts, degree evaluations, and cover letters may be uploaded with your application.
Veterans' and National Guard Preference
Applicants seeking Veteran's Preference must attach a DD-214 Member-4 Form (Certificate of Release or Discharge from Active Duty) to their applications.
Applicants seeking National Guard Preference must attach an NGB 23A (RPAS), along with the state application, if they are a current member of the NC National Guard in good standing.
Applicants who are former members of either the NC Army National Guard or the NC Air National Guard, with honorable discharge and six years of creditable service, must attach a copy of the DD 256 or NGB 22, along with the state application.
ADA Accommodations
Consistent with the Americans with Disabilities Act (ADA) and the Pregnant Workers Fairness Act (PWFA), DHHS is committed to the full inclusion of all qualified individuals. As part of this commitment, DHHS will ensure that people with disabilities, or known limitations covered by the PWFA, are provided with reasonable accommodation. If reasonable accommodation is needed to participate in the job application or interview process, please contact the person indicated below.
CONTACT INFORMATION:
If there are any questions about this posting, please contact Talent Acquisition at .... Resumes will not be accepted in lieu of completing this application.
Minimum Education and Experience
Some state job postings say you can qualify by an "equivalent combination of education and experience." If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See the Education and Experience Equivalency Guide for details.
Bachelor's degree in computer science or a related IT field or closely related field from an appropriately accredited institution and two years of progressive experience in IT security or closely related area
OR
Associate degree in computer science or a related IT field or closely related field from an appropriately accredited institution and three years of progressive experience in IT Security or closely related area
OR
An equivalent combination of education and experience.
EEO Statement
The State of North Carolina is an Equal Employment Opportunity Employer and dedicated to providing employees with a work environment free from all forms of unlawful employment discrimination, harassment, or retaliation. The state provides reasonable accommodation to employees and applicants with disabilities; known limitations related to pregnancy, childbirth, or related medical conditions; and for religious beliefs, observances, and practices.
Recruiter:
Lisa M Sasser
Recruiter Email:
...