Are you ready to take the next step in your career?
Discover why NCDIT is the ideal destination for your professional growth - Why Work for NCDIT .
We currently have an opening for Manager of Security Operations.
The position is designated Statutory Exempt and is exempt from the State Human Resources Act.
Candidates for this role must be within a 4-hour drive of either Raleigh or Asheville.
At North Carolina Department of Information Technology (NCDIT), we’re committed to safeguarding critical information systems and ensuring the security and integrity of our state’s data. As our Manager of Security Operations, you’ll play a pivotal role in our mission to protect against emerging threats and maintain a proactive cybersecurity posture. You’ll lead and provide technical expertise and guidance to a dynamic team that is responsible for security operations within the Enterprise Security and Risk Management Office (ESRMO).
This senior role involves managing the Cybersecurity Threat Analyst Center (CTAC), which includes the State Security Operations Center (SOC), security architecture and engineering team, threat intelligence team, and where necessary, incident response capabilities. The Manager ensures that the security operations team effectively supports and augments other teams both internally and externally as necessary. The Security Operations team is responsible for providing services to NCDIT, state agencies, and other State, Local, Territorial, and Tribal (SLTT) members as directed. This position reports directly to the State Chief Risk Officer (SCRO).
You will be responsible for:
Strategic Leadership
Leading the daily operations of the security operations team including the SOC and CTAC
Coordinating the integration and operation of cybersecurity tools within the enterprise and ensuring interoperability with other agencies
Coordinating with other agencies to maintain a proactive cybersecurity posture to include collaboration and coordination with federal, state, local, and critical infrastructure partners
Leading operational efforts to ensure cybersecurity support for a comprehensive state-wide cybersecurity program
Operational Excellence
Ensuring security tool and platform integration across the enterprise to include automation and efficiency gains where possible
Continuously evaluating the effectiveness of the CTAC and SOC to ensure proper monitoring, alerting, and escalation of security events
Policies and Standards
Developing and implementing security operations processes and procedures, and standards to guide our operations
Creating insightful reports for leadership, providing updates on initiatives and operational effectiveness
Support security reviews, assessments, and recommendations for improvement.
Update and maintain runbooks and other critical team documentation
Professional Development
Participating in training, table-top exercises, and other relevant educational material
Communication
Driving effective, timely, and actionable communication of security events, advisories, and other relevant cybersecurity matters
About the Organization
The Enterprise Security & Risk Management Office (ESRMO) houses the state's cybersecurity and business continuity subject matter experts who are responsible for providing and supporting a variety of functions within the state both directly to NCDIT as well as other state, county, and local entities and is organized to help the state meet the requirements of security standards legislation, N.C.G.S.
147-33.110-33.113 and N.C.G.S.
147-33.72c and other legal and regulatory requirements. The ESRMO works closely with NCDIT staff and with executive branch agencies to ensure compliance with security statutes and mandates, statewide information security policies, the Statewide Technical Architecture, industry best practices, and other regulatory requirements. Working with state agencies, federal and local governments, citizens and private sector businesses, the ESRMO helps to manage risk in order to support secure and sustainable information technology services that meet the needs of the citizens of North Carolina.
The N.C. Department of Information Technology (NCDIT) serves as the Technology Center for the State of NC. Services that NCDIT provides reach a client base of state and local government agencies, as well as schools, colleges and universities. NCDIT’s mission is to enable trusted business-driven solutions that meet the needs of North Carolinians. NCDIT provides technology services to state agencies and is charged with closing the digital divide by expanding availability of broadband services and promoting the adoption of affordable, high-speed internet.
As NCDIT’s services reach North Carolina residents from all backgrounds, we believe that a diverse workforce is our most valuable asset to recognize, understand and meet the IT needs of our constituents across the state. Our agency culture intentionally values diversity, equity and inclusion through the implementation of thoughtful, practical, innovative and data-driven strategies. We are an Employment First state, ensuring that people with disabilities have equal opportunities to succeed in the state government workplace ( Executive Order 92 ). NCDIT supports recent executive orders to address pay equity for women ( Executive Order 93 ), establish paid parental leave for birth, adoption, and foster care ( Executive Order 95 ), and implement fair chance policies ( Executive Order 158 ). NCDIT also has several initiatives designed to help past and current military personnel and their spouses find rewarding careers with us. Join a team that welcomes, values, respects and supports all members of our work community.
If you have student loans, becoming a state employee includes eligibility for the Public Service Loan Forgiveness Program. Visit www.studentaid.gov to learn more.
Knowledge, Skills And Abilities / Competencies
Resumes/CVs are intended to be used as a complement to an application. Generally resumes/CVs are lacking the detail and breadth of an applicant’s full education and work history so applicants should complete the application with more detail than what their resume contains to show that they meet both the Education Requirements and ALL Knowledge, Skills and Abilities (KSAs) listed below in order to qualify. Click these links for additional information: Introduction to the Job Application and Addressing Knowledge, Skills and Abilities. (Note: These links refer to Dept. of Public Safety process; this process is the same for Dept. of Information Technology.)
To qualify for this position, applicants must document on the application that they possess ALL of the following:
Experience operationalizing computer and network forensics, system and network security, incident management, intrusion detection, vulnerability and patch management, log analysis, and/or related technologies
Experience in cybersecurity threat intelligence (TI) collection, processing, and analysis (i.e., to understand context and priority to predict, detect, and counteract threats)
Experience working with the multiple security disciplines, such as identification, authentication, authorization, access control, administration, and audit, risk management, disaster recovery, and business continuity
Experience with vulnerability assessment and management concepts, including vulnerability scanning and penetration testing methodologies, reporting, and/or remediation processes
Management Preferences
Demonstrated ability to stay current on emerging cybersecurity tools and technology
Demonstrated understanding and use of attack and defense frameworks such as Mitre ATT&CK Framework, Diamond Model of Intrusion Analysis, and Cyber Kill Chain and other industry frameworks such as NIST CSF, RMF, and others
Relevant industry recognized and relevant certifications are highly desirable. Examples of these include: CISSP, CISM, CRISC, CCSP, CySA+, PenTest+, Linux+, Security+, CISA, CEH, GSLC, GSEC, GPEN, GCED, GCIH, GCFE, and ITIL
This position will have access to data within the Division of Criminal Information Network (DCIN); and as such, NC Administrative Code 14B NCAC 18A.0401 mandates that prior to receiving and/or maintaining certification as a DCIN user, applicants:
Shall be a citizen of the United States,
Shall be at least 18 years of age,
Shall agree to a fingerprint-based background search. Only applicable to positions that require access to DCIN, typically GDAC
Minimum Education And Experience Requirements
Some state job postings say you can qualify by an ‘equivalent combination of education and experience.’ If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See the Education and Experience Equivalency Guide for details.
Bachelor's degree in computer science or a related IT field or related degree from an appropriately accredited institution and three years of progressive experience in IT security or closely related area including two years of supervisory experience;
or
Associate degree in computer science or a related IT field or related degree from an appropriately accredited institution and four years of progressive experience in IT security or closely related area which includes two years supervisory experience; or an equivalent combination of education and experience.
Supplemental and Contact Information
The North Carolina Department of Information Technology (DIT) is an Equal Opportunity Employer who embraces an Employment First philosophy which consists of complying with all federal laws, state laws and Executive Orders.
NCDIT uses the Merit-Based Recruitment and Selection Plan to fill posted positions. Hiring salary will be based on relevant qualifications, internal equity, and budgetary considerations pertinent to the advertised position.
The Department of Information Technology will not accept "See Resume" or inserted text resumes in lieu of all work experience and education completed on the application.
Employment at NCDIT is contingent upon a satisfactory background check.
Applicants seeking Veteran's Preference must attach a DD form 214, Certificate of Release or Discharge from Active Duty, along with your application.
Applicants seeking National Guard Preference must attach a NGB 23A (RPAS) if you are a current member of the NC National Guard in good standing. If you are a former member of the NC National Guard who served for at least 6 years and was discharged under honorable conditions, you must attach either a DD256 or NGB 22.
Applicants applying for positions that require specific coursework, must upload and attach a copy of the transcript with their application.
Applicants with relevant professional certifications to the posted job must attach proof of active certification along with the information in the “Certificates and Licenses” section.
If applicants earned college credit hours but did not complete a degree program, they must attach an official transcript to each application to receive credit for this education.
If applicants earned a foreign degree, foreign degrees require an official evaluation for U.S. equivalency, and must be submitted to Human Resources for verification. There are several organizations that perform this specialized service, feel free to use any service of your choosing. The National Association of Credential Evaluation Services (NACES) has several options on their website that can provide credential verification: https://www.naces.org/members
REMOTE WORK:
We trust our employees to be self-motivated and successful in hybrid/remote roles, thus NCDIT offers robust work from home options and variable work schedule flexibility.
COMPENSATION & BENEFITS:
The state of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave is available to eligible employees.
Some highlights include:
The best funded pension plan/retirement system in the nation according to Moody’s Investor’s Service
Twelve (12) holidays/year
Fourteen (14) vacation days/year which increase as length of service increases and accumulate year-to-year
Twelve (12) sick days/year which are cumulative indefinitely
Longevity pay lump sum payout yearly based on length of service
401K, 457, and 403(b) plans
Learn more about employee perks/benefits:
Why Work For NC?
NC OSHR: Benefits
NC OSHR: Total Compensation Calculator
To apply for this position, please click the "Apply" link above (on the Government Jobs website) or visit https://www.governmentjobs.com/Applications/Index/northcarolina to complete an on-line application.
Due to the volume of applications received, we are unable to provide information regarding the status of your application over the phone. To check the status of your application, please log in to your account and click "Application Status." If you are selected for an interview, you will be contacted by management. If you are no longer under consideration, you will receive an email notification. If there are any questions about this posting other than your application status, please contact: