logo inner

HHS - Penetration Tester

Companycfocussoftware
LocationWorldwide
TypeRemote
cFocus Software seeks a Penetration Tester to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.

Qualifications:


  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
  • Minimum 5–8 years of experience performing penetration testing or offensive security assessments.
  • Hands-on experience testing enterprise networks, applications, and cloud environments.
  • Strong knowledge of attack techniques, exploitation frameworks, and post-exploitation methods.
  • Experience with federal environments and vulnerability management programs preferred.
  • Strong understanding of NIST SP 800-53, NIST SP 800-30, and vulnerability management processes.
  • Excellent analytical, documentation, and communication skills.
  • OSCP, GPEN, CEH, or GXPN preferred.

Duties:


  • Plan, execute, and document penetration tests against networks, systems, web applications, APIs, databases, and cloud environments.
  • Conduct internal, external, authenticated, unauthenticated, and adversary-simulation testing activities.
  • Perform exploitation, post-exploitation, and privilege escalation to demonstrate real-world risk.
  • Validate vulnerability scan findings and identify false positives and chained attack paths.
  • Conduct application penetration testing aligned with OWASP Top 10 and NIST guidance.
  • Support red team and purple team exercises in coordination with SOC and Incident Response teams.
  • Analyze attacker techniques using MITRE ATT&CK and document TTPs and attack paths.
  • Develop detailed penetration test reports including executive summaries, risk ratings, and remediation guidance.
  • Provide technical remediation guidance to system owners, engineers, developers, and ISSOs.
  • Validate remediation effectiveness through retesting and evidence review.
  • Support compliance testing requirements related to FISMA, RMF, and continuous monitoring.
  • Maintain strict rules of engagement, authorization documentation, and testing approvals.
  • Ensure testing activities comply with HHS, HRSA, and federal legal and ethical requirements.


Your tracker settings

We use cookies and similar methods to recognize visitors and remember their preferences. We also use them to measure ad campaign effectiveness, target ads and analyze site traffic. To learn more about these methods, including how to disable them, view our Cookie Policy or Privacy Policy.

By tapping `Accept`, you consent to the use of these methods by us and third parties. You can always change your tracker preferences by visiting our Cookie Policy.

logo innerThatStartupJob
Discover the best startup and their job positions, all in one place.
Quick SearchSearch JobsSearch Remote Jobs hiring WorldwideSearch Remote Jobs in the USSearch Jobs in IndiaSearch Remote Jobs in UKSearch by Title
AreaCaliforniaMassachusettsNew YorkTexasVirginiaWashington D.C.View all
Popular SubRemote JobsWeb3 JobsiOS Developer JobsFront End Developer Remote JobsComputational Geometry JobsCannabis CareersView all
CompanyAbout UsContact usBlogCreditsCareersPrivacy PolicyCookie Policy
Copyright © 2025