Posted at: 2 February

HHS - Application Tester

Company

cFocus Software Incorporated

cFocus Software is a Largo, Maryland-based B2G SaaS provider specializing in cybersecurity solutions and compliance automation for federal government agencies, including the DoD.

Remote Hiring Policy:

cFocus Software supports remote work for certain roles and is hiring from various locations within the United States, including Washington, DC. Team members may work remotely, but compliance as a federal contractor suggests a focus on U.S. candidates.

Job Type

Full-time

Allowed Applicant Locations

United States

Job Description

cFocus Software seeks an Application Tester to join our program supporting the Department of Health and Human Services (HHS). This position is remote. This position requires the ability to obtain a Public Trust clearance.
Qualifications:
  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field.
  • Minimum 4–6 years of experience performing application testing or application security assessments.
  • Experience testing web applications, APIs, and cloud-based systems.
  • Working knowledge of OWASP Top 10 vulnerabilities and secure application design principles.
  • Experience validating automated vulnerability scan results.
  • Familiarity with federal vulnerability management and RMF processes.
  • Strong analytical, documentation, and communication skills.
  • Active GTAPT, CEH, or Security+ is preferred.
Duties:
  • Perform application security testing including dynamic application security testing (DAST), functional testing, and validation testing.
  • Execute test cases against web applications, APIs, microservices, and cloud-hosted applications.
  • Identify application-level vulnerabilities including authentication, authorization, input validation, session management, and data exposure weaknesses.
  • Validate findings from automated scanning tools and identify false positives.
  • Support secure development lifecycle (SDLC) activities by testing applications before release.
  • Document application vulnerabilities, test results, and remediation recommendations.
  • Verify remediation through re-testing and evidence validation.
  • Support application penetration testing and red team activities as required.
  • Coordinate testing activities with developers, system owners, ISSOs, and AppSec engineers.
  • Ensure testing aligns with OWASP Top 10, NIST guidance, and HHS security standards.
  • Maintain application testing SOPs, workflows, and test scripts.
  • Support vulnerability management reporting and POA&M evidence development.