Application Security Penetration Tester

Agency Division Job Classification Title IT Security & Compliance Manager I (NS) Position Number Grade DT11 About Us North Carolina State Government is one of the state’s largest employers, with over 76,000 employees all working toward a common goal: a safer and stronger North Carolina. We are a large organization comprised of various agencies, offices, and universities, each providing important public services. Eligible state employees are entitled to comprehensive benefits, including a variety of leave options, professional development opportunities, insurance, and more. To learn more about the benefits of being a North Carolina state employee, visit the N.C. Office of State Human Resources' website. Permanent, temporary, and time-limited state government jobs can be found from the mountains to the coast. Find your next opportunity today! Description of Work The Application Penetration Tester is responsible for conducting comprehensive, in-depth security assessments of NCDHHS applications using both manual techniques and automated tools. This role goes beyond basic vulnerability scanning, requiring the tester to think and operate like a real-world adversary—chaining vulnerabilities, bypassing security controls, and identifying complex attack paths across web applications, REST APIs, and cloud-native environments. The tester will evaluate application logic, authentication and authorization mechanisms, and data flows to uncover high-impact security weaknesses that automated tools alone cannot detect. Additionally, this role involves collaborating with development and engineering teams to clearly communicate findings, provide actionable remediation guidance, and help strengthen the overall security posture of NCDHHS applications. Knowledge Skills and Abilities/Management Preferences Salary Grade Range: $91,600.00 - $160,299.00 Candidates now meet the minimum qualifications of a position if they meet the minimum education and experience listed on the vacancy announcement. The Knowledge, Skills, and Abilities (KSAs)/ Management Preferences are not required. Applicants who possess the following skills are preferred: Experience performing manual penetration testing of web applications, REST APIs, and cloud-native environments, along with static and dynamic code analysis Ability to identify, exploit, and document vulnerabilities such as SQL injection, XSS, and authentication flaws Proficiency in both manual and automated security testing using industry-standard tools Strong collaboration skills to work with developers, DevOps, and engineering teams to remediate vulnerabilities and ensure secure configurations and deployments, including integrating security into CI/CD pipelines Ability to deliver high-quality technical reports with proof of concepts, reproduction steps, and clear remediation guidance The Posting Will Close At 11:59 P.M. The Night Before The End Date This Position Is Funded In Part Through Federal Funds This Role Is Eligible To Be Hybrid And Requires Onsite Reporting Located Within Raleigh, NC About the Office of the Secretary The Office of the Secretary serves as the executive leadership arm of the North Carolina Department of Health and Human Services (NCDHHS), guiding the Department’s mission to improve the health, safety, and well-being of all North Carolinians. Through strategic oversight and collaborative leadership, the Secretary’s Office supports the effective coordination of over a dozen core divisions, ensuring that agency-wide priorities are aligned, resources are used responsibly, and services are delivered with equity and impact.

Compensation and Benefits

The State of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave is available to eligible employees. Visit website for State Benefits. Supplemental Contact Information The North Carolina Department of Health and Human Services (DHHS) is an Equal Opportunity Employer that embraces an Employment First philosophy, which consists of complying with all federal laws, state laws, and Executive Orders. We are committed to reviewing requests for reasonable accommodation at any time during the hiring process or while on the job. For more information about DHHS: https://www.ncdhhs.gov/. DHHS uses the Merit-Based Recruitment and Selection Plan to fill positions subject to the State Human Resources Act with the most qualified individuals. Hiring salary will be based on relevant qualifications, internal equity, and budgetary considerations pertinent to the advertised position. In accordance with the Governor’s Executive Order 303, our agency supports second-chance employment for individuals who were previously incarcerated or justice-involved. We invite all potential applicants to apply for positions for which they may be qualified. Application Process Be sure to complete the application in its entirety. Resumes will not be accepted in lieu of completing this application. Information should be provided in the appropriate areas, to include the following: Education, including high school and all degrees obtained, Work Experience, and Certificates & Licenses. It is critical to our screening and salary determination process that applications contain comprehensive candidate information. Answers to Supplemental Questions are not a substitute for providing all relevant information within the body of your application. To receive credit for the supplemental questions, you must provide supporting information within the "Work Experience" section of the application to support your answers. Applications must be submitted by 11:59 PM the day before the closing date. Applicants may be subject to a criminal background check. All candidates selected for positions considered "Positions of Trust" will be subject to a criminal background check. Due to the volume of applications received, we are unable to provide information regarding the status of your application over the phone. To check the status of your application, please log in to your account. Upon the closing date, applications are "Under Review" and will be screened by Human Resources for qualified applicants. The hiring process may take several weeks. Degrees must be received from appropriately accredited institutions. Transcripts and degree evaluations may be uploaded with your application. The State of North Carolina/Office of State Human Resources uses the National Association of Credential Evaluation Services (NACES) as a referral resource for applicants who need to have their credentials certified as equivalent. For a list of organizations that perform this specialized service, please visit the NACES membership website at https://www.naces.org/members. Degree/College Credit Verification Degrees must be received from appropriately accredited institutions. Transcripts, degree evaluations, and cover letters may be uploaded with your application. Veterans’ and National Guard Preference Applicants seeking Veteran's Preference must attach a DD-214 Member-4 Form (Certificate of Release or Discharge from Active Duty) to their applications. Applicants seeking National Guard Preference must attach an NGB 23A (RPAS), along with the state application, if they are a current member of the NC National Guard in good standing. Applicants who are former members of either the NC Army National Guard or the NC Air National Guard, with honorable discharge and six years of creditable service, must attach a copy of the DD 256 or NGB 22, along with the state application. ADA Accommodations Consistent with the Americans with Disabilities Act (ADA) and the Pregnant Workers Fairness Act (PWFA), DHHS is committed to the full inclusion of all qualified individuals. As part of this commitment, DHHS will ensure that people with disabilities, or known limitations covered by the PWFA, are provided with reasonable accommodation. If reasonable accommodation is needed to participate in the job application or interview process, please contact the person indicated below. CONTACT INFORMATION: If there are any questions about this posting, please contact Talent Acquisition at [email protected]. Resumes will not be accepted in lieu of completing this application. Minimum Education and Experience Some state job postings say you can qualify by an “equivalent combination of education and experience.” If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See the Education and Experience Equivalency Guide for details. Bachelor's degree in computer science or a related IT field or closely related field from an appropriately accredited institution and two years of progressive experience in IT security or closely related area OR Associate degree in computer science or a related IT field or closely related field from an appropriately accredited institution and three years of progressive experience in IT Security or closely related area OR An equivalent combination of education and experience. EEO Statement The State of North Carolina is an Equal Employment Opportunity Employer and dedicated to providing employees with a work environment free from all forms of unlawful employment discrimination, harassment, or retaliation. The state provides reasonable accommodation to employees and applicants with disabilities; known limitations related to pregnancy, childbirth, or related medical conditions; and for religious beliefs, observances, and practices. Recruiter: Lisa M Sasser Recruiter Email: [email protected] North Carolina State Government is one of the state’s largest employers, with over 76,000 employees all working toward a common goal: a safer and stronger North Carolina. We are a large organization comprised of various agencies, offices, and universities, each providing important public services. Eligible state employees are entitled to comprehensive benefits, including a variety of leave options, professional development opportunities, insurance, and more. To learn more about the benefits of being a North Carolina state employee, visit the N.C. Office of State Human Resources' website. Permanent, temporary, and time-limited state government jobs can be found from the mountains to the coast. Find your next opportunity today! State Application Resources/Frequently Asked Questions Valuing Education and Experience The State of North Carolina values the knowledge and experience of our jobseekers and current state employees. Approximately 91 percent of state job classifications allow experience to be substituted for education or do not require a post-secondary degree. Learn more about how you may qualify for a position through education or directly related experience, or a combination of both, with the Education and Experience Equivalency Guide. All job postings close at 11:59pm the night before the End Date on the posting. Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match. If you are already a state employee, please search for jobs by clicking here. Apply To This Job