HHS - Penetration Tester

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
• Minimum 5–8 years of experience performing penetration testing or offensive security assessments.
• Hands-on experience testing enterprise networks, applications, and cloud environments.
• Strong knowledge of attack techniques, exploitation frameworks, and post-exploitation methods.
• Experience with federal environments and vulnerability management programs preferred.
• Strong understanding of NIST SP 800-53, NIST SP 800-30, and vulnerability management processes.
• Excellent analytical, documentation, and communication skills.
• OSCP, GPEN, CEH, or GXPN preferred.

• Plan, execute, and document penetration tests against networks, systems, web applications, APIs, databases, and cloud environments.
• Conduct internal, external, authenticated, unauthenticated, and adversary-simulation testing activities.
• Perform exploitation, post-exploitation, and privilege escalation to demonstrate real-world risk.
• Validate vulnerability scan findings and identify false positives and chained attack paths.
• Conduct application penetration testing aligned with OWASP Top 10 and NIST guidance.
• Support red team and purple team exercises in coordination with SOC and Incident Response teams.
• Analyze attacker techniques using MITRE ATT&CK and document TTPs and attack paths.
• Develop detailed penetration test reports including executive summaries, risk ratings, and remediation guidance.
• Provide technical remediation guidance to system owners, engineers, developers, and ISSOs.
• Validate remediation effectiveness through retesting and evidence review.
• Support compliance testing requirements related to FISMA, RMF, and continuous monitoring.
• Maintain strict rules of engagement, authorization documentation, and testing approvals.
• Ensure testing activities comply with HHS, HRSA, and federal legal and ethical requirements.

Powered by JazzHR