HHS - Application Tester

cFocus Software seeks a Application Tester to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance. Qualifications: Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field. Minimum 4–6 years of experience performing application testing or application security assessments. Experience testing web applications, APIs, and cloud-based systems. Working knowledge of OWASP Top 10 vulnerabilities and secure application design principles. Experience validating automated vulnerability scan results. Familiarity with federal vulnerability management and RMF processes. Strong analytical, documentation, and communication skills. Active GTAPT, CEH, or Security+ is preferred Duties: Perform application security testing including dynamic application security testing (DAST), functional testing, and validation testing. Execute test cases against web applications, APIs, microservices, and cloud-hosted applications. Identify application-level vulnerabilities including authentication, authorization, input validation, session management, and data exposure weaknesses. Validate findings from automated scanning tools and identify false positives. Support secure development lifecycle (SDLC) activities by testing applications before release. Document application vulnerabilities, test results, and remediation recommendations. Verify remediation through re-testing and evidence validation. Support application penetration testing and red team activities as required. Coordinate testing activities with developers, system owners, ISSOs, and AppSec engineers. Ensure testing aligns with OWASP Top 10, NIST guidance, and HHS security standards. Maintain application testing SOPs, workflows, and test scripts. Support vulnerability management reporting and POA&M evidence development.