Location: Remote / Hybrid / Travel as Required (U.S.)
Security Requirement: Must be eligible to obtain and maintain an HHS Tier 4 High Risk Public Trust.
About EnDyna
EnDyna is seeking experienced Penetration Testers to support the Department of Health and Human Services (HHS) Office of Inspector General (OIG) Cyber Assessment Team. The successful candidate will conduct advanced penetration testing, security assessments, vulnerability analysis, exploitation activities, technical reporting, and cybersecurity consulting supporting Federal audit activities.
Candidates will be considered for either Mid-Level or Senior positions based upon education, certifications, and demonstrated experience.
Position Responsibilities
The selected candidate will perform cybersecurity assessments including:
Penetration Testing
Perform external network penetration testing
Perform internal network penetration testing
Perform web application penetration testing
Perform cloud security assessments
Perform wireless security assessments
Perform mobile application testing
Perform container security assessments
Perform AI system security assessments
Conduct phishing and social engineering assessments
Perform information gathering and reconnaissance
Enumerate hosts, services, operating systems, applications and network devices
Identify vulnerabilities and attack paths
Exploit vulnerabilities using approved methodologies
Perform post-exploitation activities
Demonstrate persistence techniques
Evaluate data access and exfiltration opportunities
Document countermeasures encountered during testing
Validate remediation activities
Security Analysis
Analyze vulnerability scan results
Correlate findings from multiple tools
Eliminate false positives
Prioritize vulnerabilities based upon risk
Map findings to NIST, CVE, OWASP and Federal guidance
Develop mitigation recommendations
Documentation & Reporting
Prepare professional technical documentation including:
Rules of Engagement review
Attack confirmation lists
Penetration testing reports
Executive summaries
Technical findings
Risk analyses
Recommendations
Supporting evidence
Screenshots
Logs
Testing artifacts
Customer Interaction
Participate in planning meetings
Conduct entrance conferences
Present technical findings
Participate in status briefings
Explain vulnerabilities to both technical and executive audiences
Support audit teams throughout engagements
Technical Assistance
Provide cybersecurity expertise supporting OIG auditors by:
Performing vulnerability scans
Analyzing scan results
Advising auditors on security findings
Supporting remote assessments
Participating in technical discussions
Required Qualifications
Mid-Level
Bachelor's degree in Cybersecurity, Computer Science, Information Technology or related field
4+ years of penetration testing experience
Experience performing network and web application penetration testing
Experience with vulnerability assessment tools
Experience writing professional technical reports
Knowledge of TCP/IP networking
Understanding of Windows and Linux operating systems
Senior Level
Bachelor's degree (Master's preferred)
8+ years of penetration testing experience
Experience leading penetration testing engagements
Advanced exploitation experience
Experience with cloud environments
Experience mentoring junior testers
Experience briefing executive leadership
Strong technical writing skills
Desired Technical Skills
Experience with:
Burp Suite Pro
Nmap
Nessus
Metasploit
Kali Linux
Wireshark
BloodHound
Impacket
CrackMapExec
PowerShell
Python
Azure
AWS
Docker
Kubernetes
Active Directory
Microsoft Entra ID
Wireless testing tools
Preferred Certifications
One or more of:
OSCP
OSCE
OSEP
GPEN
GWAPT
GXPN
GCIH
CISSP
Security+
PNPT
CRTO
Desired Knowledge
Experience with:
NIST SP 800-115
OWASP Testing Guide
MITRE ATT&CK
CVSS
Federal cybersecurity environments
FISMA
FedRAMP
Travel
Occasional travel throughout the United States may be required.
Why Join EnDyna
Support one of the Federal Government's premier cybersecurity audit organizations
Perform real-world penetration testing
Work alongside nationally recognized cybersecurity experts