
HHS - Penetration Tester

Remote / Online - Candidates ideally in
Rockville, Montgomery County, Maryland, 20849, USA
Listing for: cFocus Software Incorporated
Remote/Work from Home position
Listed on 2026-02-14
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 110000 USD Yearly
Job Description & How to Apply Below

cFocus Software seeks a Penetration Tester to join our program supporting the Department of Health and Human Services (HHS). This position is remote. This position requires the ability to obtain a Public Trust clearance.

Qualifications
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
  • Minimum 5–8 years of experience performing penetration testing or offensive security assessments.
  • Hands-on experience testing enterprise networks, applications, and cloud environments.
  • Strong knowledge of attack techniques, exploitation frameworks, and post-exploitation methods.
  • Experience with federal environments and vulnerability management programs preferred.
  • Strong understanding of NIST SP 800-53, NIST SP 800-30, and vulnerability management processes.
  • Excellent analytical, documentation, and communication skills.
  • OSCP, GPEN, CEH, or GXPN preferred.

Duties
  • Plan, execute, and document penetration tests against networks, systems, web applications, APIs, databases, and cloud environments.
  • Conduct internal, external, authenticated, unauthenticated, and adversary-simulation testing activities.
  • Perform exploitation, post-exploitation, and privilege escalation to demonstrate real-world risk.
  • Validate vulnerability scan findings and identify false positives and chained attack paths.
  • Conduct application penetration testing aligned with OWASP Top 10 and NIST guidance.
  • Support red team and purple team exercises in coordination with SOC and Incident Response teams.
  • Analyze attacker techniques using MITRE ATT&CK and document TTPs and attack paths.
  • Develop detailed penetration test reports including executive summaries, risk ratings, and remediation guidance.
  • Provide technical remediation guidance to system owners, engineers, developers, and ISSOs.
  • Validate remediation effectiveness through retesting and evidence review.
  • Support compliance testing requirements related to FISMA, RMF, and continuous monitoring.
  • Maintain strict rules of engagement, authorization documentation, and testing approvals.
  • Ensure testing activities comply with HHS, HRSA, and federal legal and ethical requirements.