cFocus Software Incorporated · 23 hours ago
HHS - Penetration Tester
cFocus Software seeks a Penetration Tester to join our program supporting the Department of Health and Human Services (HHS). This role involves planning, executing, and documenting penetration tests across various environments to identify vulnerabilities and assess security risks.
Chatbot, Government, Information Technology, Software
Responsibilities
Plan, execute, and document penetration tests against networks, systems, web applications, APIs, databases, and cloud environments
Conduct internal, external, authenticated, unauthenticated, and adversary-simulation testing activities
Perform exploitation, post-exploitation, and privilege escalation to demonstrate real-world risk
Validate vulnerability scan findings and identify false positives and chained attack paths
Conduct application penetration testing aligned with OWASP Top 10 and NIST guidance
Support red team and purple team exercises in coordination with SOC and Incident Response teams
Analyze attacker techniques using MITRE ATT&CK and document TTPs and attack paths
Develop detailed penetration test reports including executive summaries, risk ratings, and remediation guidance
Provide technical remediation guidance to system owners, engineers, developers, and ISSOs
Validate remediation effectiveness through retesting and evidence review
Support compliance testing requirements related to FISMA, RMF, and continuous monitoring
Maintain strict rules of engagement, authorization documentation, and testing approvals
Ensure testing activities comply with HHS, HRSA, and federal legal and ethical requirements
Qualifications
Required
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
Minimum 5–8 years of experience performing penetration testing or offensive security assessments
Hands-on experience testing enterprise networks, applications, and cloud environments
Strong knowledge of attack techniques, exploitation frameworks, and post-exploitation methods
Strong understanding of NIST SP 800-53, NIST SP 800-30, and vulnerability management processes
Excellent analytical, documentation, and communication skills
Ability to obtain a Public Trust clearance
Preferred
Experience with federal environments and vulnerability management programs
OSCP, GPEN, CEH, or GXPN
Company
cFocus Software Incorporated
cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint.