Accountabilities

• Perform application security testing including dynamic application security testing (DAST), functional testing, and validation testing.
• Execute test cases against web applications, APIs, microservices, and cloud-hosted applications.
• Identify application-level vulnerabilities including authentication, authorization, input validation, session management, and data exposure weaknesses.
• Validate findings from automated scanning tools and identify false positives.
• Support secure development lifecycle (SDLC) activities by testing applications before release.
• Document application vulnerabilities, test results, and remediation recommendations.
• Verify remediation through re-testing and evidence validation.
• Support application penetration testing and red team activities as required.
• Coordinate testing activities with developers, system owners, ISSOs, and AppSec engineers.
• Ensure testing aligns with OWASP Top 10, NIST guidance, and HHS security standards.
• Maintain application testing SOPs, workflows, and test scripts.
• Support vulnerability management reporting and POA&M evidence development.

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field.
• Minimum 4–6 years of experience performing application testing or application security assessments.
• Experience testing web applications, APIs, and cloud-based systems.
• Working knowledge of OWASP Top 10 vulnerabilities and secure application design principles.
• Experience validating automated vulnerability scan results.
• Familiarity with federal vulnerability management and RMF processes.
• Strong analytical, documentation, and communication skills.
• Active GTAPT, CEH, or Security+ is preferred.

Benefits

• Flexible remote work arrangements.
• Opportunities for professional development and training.
• Collaborative and supportive team environment.
• Engagement in significant public health projects.
• Comprehensive health and wellness benefits.