cFocus Softwareorporated logo

HHS - Penetration Tester

cFocus Softwareorporated
2 months ago
Full-time
Remote
United States
Penetration Tester
cFocus Software seeks a Penetration Tester to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:
  • Bachelorโ€™s degree in Cybersecurity, Information Technology, Computer Science, or related field.
  • Minimum 5โ€“8 years of experience performing penetration testing or offensive security assessments.
  • Hands-on experience testing enterprise networks, applications, and cloud environments.
  • Strong knowledge of attack techniques, exploitation frameworks, and post-exploitation methods.
  • Experience with federal environments and vulnerability management programs preferred.
  • Strong understanding of NIST SP 800-53, NIST SP 800-30, and vulnerability management processes.
  • Excellent analytical, documentation, and communication skills.
  • OSCP, GPEN, CEH, or GXPN preferred.
Duties:
ย 
  • Plan, execute, and document penetration tests against networks, systems, web applications, APIs, databases, and cloud environments.
  • Conduct internal, external, authenticated, unauthenticated, and adversary-simulation testing activities.
  • Perform exploitation, post-exploitation, and privilege escalation to demonstrate real-world risk.
  • Validate vulnerability scan findings and identify false positives and chained attack paths.
  • Conduct application penetration testing aligned with OWASP Top 10 and NIST guidance.
  • Support red team and purple team exercises in coordination with SOC and Incident Response teams.
  • Analyze attacker techniques using MITRE ATT&CK and document TTPs and attack paths.
  • Develop detailed penetration test reports including executive summaries, risk ratings, and remediation guidance.
  • Provide technical remediation guidance to system owners, engineers, developers, and ISSOs.
  • Validate remediation effectiveness through retesting and evidence review.
  • Support compliance testing requirements related to FISMA, RMF, and continuous monitoring.
  • Maintain strict rules of engagement, authorization documentation, and testing approvals.
  • Ensure testing activities comply with HHS, HRSA, and federal legal and ethical requirements.

ย