
DevSecOps/Application Security Specialist

Company:
State of North Carolina
Location:
Wake County, NC
Pay:
$88,187.00 - $154,327.00 annual
Posted:
June 22, 2025

Description:

Description of Work

Discover why NCDIT is the ideal destination for your professional growth - Why Work for NCDIT.

This position may be eligible for hybrid remote work in accordance with state policy and the agency’s remote work program but does require weekly onsite work.

The position is designated Statutory Exempt and is exempt from the State Human Resources Act.

Want to protect and modernize the systems that serve millions of North Carolinians?

Join a team that’s modernizing how North Carolina delivers secure digital services. NC Department of Information Technology (NCDIT) is hiring a DevSecOps/Application Security Specialist to integrate security across our development lifecycle and ensure that state services remain trusted and resilient.

You’ll work directly with developers, platform engineers, and cybersecurity teams to embed secure coding, automate controls in CI/CD pipelines, and strengthen our cloud security posture. If you're driven by purpose and passionate about engineering secure systems at scale, we want to hear from you.

In this role, you will:

Automate security testing within CI/CD pipelines using tools like SAST, DAST, SCA, and IAST

Conduct threat modeling, code reviews, and application-level vulnerability assessments

Enforce secure coding standards and integrate security controls into the SDLC

Collaborate with cloud and platform teams to implement Infrastructure-as-code security practices

Support compliance efforts aligned with state and federal frameworks (e.g., NIST 800-53, HIPAA)

Why Join NCDIT

We’re leading digital transformation across the State of North Carolina. Our work matters—to every citizen, agency, and business we serve. Join us and make an impact while growing your cybersecurity career with access to modern tools, skilled mentors, and a clear mission. Apply today and help secure the systems that power North Carolina.

About the Division

The state Chief Information Officer (SCIO) is responsible for securing North Carolina’s information assets, including data and the supporting infrastructure. The NC Department of Information Technology’s (NCDIT) Enterprise Security and Risk Management Office (ESRMO) supports the state CIO by providing leadership in the development, delivery and maintenance of a cybersecurity program that safeguards North Carolina’s information and supporting infrastructure against unauthorized use, disclosure, modification, damage or loss. This comprehensive statewide cybersecurity program encompasses information security implementation, monitoring, threat and vulnerability management, cyber incident management, and enterprise business continuity management. ESRMO works with executive branch agencies to help them comply with requirements that include legal and regulatory requirements, statewide technical architecture, and industry best practices. It also works with state agencies, federal and local governments, citizens and private-sector businesses to help manage risk to support secure and sustainable information technology services to meet the needs of North Carolina’s citizens.

About the Organization

The N.C. Department of Information Technology (NCDIT) serves as the Technology Center for the State of NC. Services that NCDIT provides reach a client base of state and local government agencies, as well as schools, colleges and universities. NCDIT’s mission is to enable trusted business-driven solutions that meet the needs of North Carolinians. NCDIT provides technology services to state agencies and is charged with closing the digital divide by expanding availability of broadband services and promoting the adoption of affordable, high-speed internet.

As NCDIT’s services reach North Carolina residents from all backgrounds, we believe that our workforce should reflect the demographics of the state. The workforce is our most valuable asset to recognize, understand and meet the IT needs of our constituents across North Carolina. Our agency’s culture is derived through the implementation of thoughtful, practical, innovative and data-driven strategies. We are an Employment First state, ensuring that people with disabilities have equal opportunities to succeed in the state government workplace (Executive Order 92). NCDIT supports recent executive orders to address pay equity for women (Executive Order 93), establish paid parental leave for birth, adoption, and foster care (Executive Order 95), and implement fair chance policies (Executive Order 158). NCDIT also has several initiatives designed to help past and current military personnel and their spouses find rewarding careers with us. Join a team that welcomes, values, respects and supports all members of our work community.

If you have student loans, becoming a state employee includes eligibility for the Public Service Loan Forgiveness Program. Visit to learn more.

Knowledge, Skills and Abilities / Competencies

Resumes/CVs are intended to be used as a complement to an application. Generally resumes/CVs are lacking the detail and breadth of an applicant’s full education and work history so applicants should complete the application with more detail than what their resume contains to show that they meet both the Education Requirements and ALL Knowledge, Skills and Abilities (KSAs) listed below in order to qualify. Click these links for additional information: Introduction to the Job Application and Addressing Knowledge, Skills and Abilities. (Note: These links refer to Dept. of Public Safety process; this process is the same for Dept. of Information Technology.)

To qualify for this position, applicants must document on the application that they possess ALL of the following:

Experience integrating application security tools into automated development pipelines, preferably by integrating Infrastructure-as-Code (IaC) into CI/CD pipelines within DevSecOps (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST))

Experience with secure coding practices and/or threat modeling methodologies (e.g., STRIDE, DREAD, Process for Attack Simulation and Threat Analysis [PASTA])

Hands-on experience in cloud platform security (e.g., AWS, Azure, or GCP)

Experience in scripting (e.g., Python, Bash) for automating security controls

Experience with security compliance frameworks (e.g., National Institute of Standards and Technology (NIST) Special Publication 800-53, Open Worldwide Application Security Project (OWASP) Top 10, and Center for Internet Security (CIS) benchmarks)

This position requires a fingerprint-based background search. Hires must agree to a fingerprint-based background search prior to being hired.

Minimum Education and Experience Requirements

Some state job postings say you can qualify by an ‘equivalent combination of education and experience.’ If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See the Education and Experience Equivalency Guide for details.

Bachelor's degree in computer science or an IT related field or related technical degree from an appropriately accredited institution and six years of progressive experience in business application, business intelligence, or enterprise application consulting or development

OR

Associate degree in computer science or an IT related field or related technical degree from an appropriately accredited institution and seven years of progressive experience in business application consulting or development

OR

High School or General Education Development (GED) diploma and ten years of experience in business application, business intelligence, or enterprise application consulting or development; or an equivalent combination of education and experience.

Supplemental and Contact Information

The North Carolina Department of Information Technology (DIT) is an Equal Opportunity Employer who embraces an Employment First philosophy which consists of complying with all federal laws, state laws and Executive Orders.

NCDIT uses the Merit-Based Recruitment and Selection Plan to fill posted positions. Hiring salary will be based on relevant qualifications, internal equity, and budgetary considerations pertinent to the advertised position.

The Department of Information Technology will not accept "See Resume" or inserted text resumes in lieu of all work experience and education completed on the application.

Employment at NCDIT is contingent upon a satisfactory background check.

Applicants seeking Veteran's Preference must attach a DD form 214, Certificate of Release or Discharge from Active Duty, along with your application.

Applicants seeking National Guard Preference must attach a NGB 23A (RPAS) if you are a current member of the NC National Guard in good standing. If you are a former member of the NC National Guard who served for at least 6 years and was discharged under honorable conditions, you must attach either a DD256 or NGB 22.

Applicants applying for positions that require specific coursework must upload and attach a copy of the transcript with their application.

Applicants with relevant professional certifications to the posted job must attach proof of active certification along with the information in the “Certificates and Licenses” section.

If applicants earned college credit hours but did not complete a degree program, they must attach an official transcript to each application to receive credit for this education.

If applicants earned a foreign degree, foreign degrees require an official evaluation for U.S. equivalency, and must be submitted to Human Resources for verification. There are several organizations that perform this specialized service; feel free to use any service of your choosing. The National Association of Credential Evaluation Services (NACES) has several options on their website that can provide credential verification:

HYBRID/FLEXIBLE WORK SCHEDULES:

At NCDIT, we are dedicated to fostering a collaborative and flexible work environment, offering a hybrid remote work option for positions that are conducive to remote flexibility. If you do not currently reside within a reasonable commuting distance of the assigned duty station, new hires are granted up to 120 days from their start date to relocate. This relocation ensures the ability to work onsite multiple days per week. If you're eager to contribute to a dynamic workplace, we encourage you to apply!

COMPENSATION & BENEFITS:

The state of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave is available to eligible employees.

Some highlights include:

The best funded pension plan/retirement system in the nation according to Moody’s Investors Service

Twelve (12) holidays/year

Fourteen (14) vacation days/year which increase as length of service increases and accumulate year-to-year

Twelve (12) sick days/year which are cumulative indefinitely

Longevity pay lump sum payout yearly based on length of service

401K, 457, and 403(b) plans

Learn more about employee perks/benefits:

Why Work For NC?

NC OSHR: Benefits

NC OSHR: Total Compensation Calculator

To apply for this position, please click the "Apply" link above (on the Government Jobs website) or visit to complete an on-line application.

Due to the volume of applications received, we are unable to provide information regarding the status of your application over the phone. To check the status of your application, please log in to your account and click "Application Status." If you are selected for an interview, you will be contacted by management. If you are no longer under consideration, you will receive an email notification. If there are any questions about this posting other than your application status, please contact:

NCDIT Human Resources

Shaun Osborne

For technical issues with your application, please call the GovernmentJobs.com Applicant Support Help Line at .
