HHS Penetration Tester

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: 15 hours ago

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Penetration Tester to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Technology Computer Science or related field.
Minimum 58 years of experience performing penetration testing or offensive security assessments.
Hands-on experience testing enterprise networks applications and cloud environments.
Strong knowledge of attack techniques exploitation frameworks and post-exploitation methods.
Experience with federal environments and vulnerability management programs preferred.
Strong understanding of NIST SP 800-53 NIST SP 800-30 and vulnerability management processes.
Excellent analytical documentation and communication skills.
OSCP GPEN CEH or GXPN preferred.

Duties:

Plan execute and document penetration tests against networks systems web applications APIs databases and cloud environments.
Conduct internal external authenticated unauthenticated and adversary-simulation testing activities.
Perform exploitation post-exploitation and privilege escalation to demonstrate real-world risk.
Validate vulnerability scan findings and identify false positives and chained attack paths.
Conduct application penetration testing aligned with OWASP Top 10 and NIST guidance.
Support red team and purple team exercises in coordination with SOC and Incident Response teams.
Analyze attacker techniques using MITRE ATT&CK and document TTPs and attack paths.
Develop detailed penetration test reports including executive summaries risk ratings and remediation guidance.
Provide technical remediation guidance to system owners engineers developers and ISSOs.
Validate remediation effectiveness through retesting and evidence review.
Support compliance testing requirements related to FISMA RMF and continuous monitoring.
Maintain strict rules of engagement authorization documentation and testing approvals.
Ensure testing activities comply with HHS HRSA and federal legal and ethical requirements.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Technology Computer Science or related field.
Minimum 58 years of experience performing penetration testing or offensive security assessments.
Hands-on experience testing enterprise networks applications and cloud environments.
Strong knowledge of attack techniques exploitation frameworks and post-exploitation methods.
Experience with federal environments and vulnerability management programs preferred.
Strong understanding of NIST SP 800-53 NIST SP 800-30 and vulnerability management processes.
Excellent analytical documentation and communication skills.
OSCP GPEN CEH or GXPN preferred.

Duties:

Plan execute and document penetration tests against networks systems web applications APIs databases and cloud environments.
Conduct internal external authenticated unauthenticated and adversary-simulation testing activities.
Perform exploitation post-exploitation and privilege escalation to demonstrate real-world risk.
Validate vulnerability scan findings and identify false positives and chained attack paths.
Conduct application penetration testing aligned with OWASP Top 10 and NIST guidance.
Support red team and purple team exercises in coordination with SOC and Incident Response teams.
Analyze attacker techniques using MITRE ATT&CK and document TTPs and attack paths.
Develop detailed penetration test reports including executive summaries risk ratings and remediation guidance.
Provide technical remediation guidance to system owners engineers developers and ISSOs.
Validate remediation effectiveness through retesting and evidence review.
Support compliance testing requirements related to FISMA RMF and continuous monitoring.
Maintain strict rules of engagement authorization documentation and testing approvals.
Ensure testing activities comply with HHS HRSA and federal legal and ethical requirements.