System Tester / Assessor - SecuriGence LLC
Washington, DC
About the Job
Job Title: System Tester / Assessor
Location: Remote with occasional onsite meetings
Clearance Level: Public Trust BI
Summary
We deliver essential technology services to our customers in support of their missions to sustain the national security and economic interests of our nation. SecuriGence is seeking a System Tester / Assessor to support the Health and Human Services Administration for Community Living Enterprise IT Services Program.
The System Tester / Assessor will be responsible for conducting comprehensive security assessments and system testing for the HHS ACL EITS program. This role ensures that all systems comply with federal security standards, function as expected, and are free from vulnerabilities or performance issues. The individual will work closely with the ISSO, Security Architect, and development teams to assess security controls, validate system functionality, and perform various types of testing, ensuring compliance with FISMA, NIST, and other applicable regulations.
Responsibilities
- Conduct scans and assessments to identify vulnerabilities in systems, networks, and applications.
- Analyze findings to determine severity, potential impacts, and required remediation actions.
- Perform penetration testing using simulated attacks to find weaknesses that an actual attacker might exploit.
- Conduct both black box and white box testing on web applications, networks, APIs and other systems to discover vulnerabilities.
- Experience with security controls testing, threat modeling, and cloud security.
- Familiar with integrating security testing into CI/CD pipelines.
- Perform security assessments of information systems, ensuring compliance with FISMA, NIST 800-53, FedRAMP, and other federal standards.
- Document and report security risks, weaknesses, and findings to the Information System Security Manager (ISSM).
- Perform functional testing, integration testing, performance testing, and security testing on the systems used within the program.
- Develop test plans and scripts to validate the functionality and security of systems based on requirements.
- Identify, document, and report any system bugs, vulnerabilities, or performance issues.
- Use both automated and manual testing techniques to probe for vulnerabilities and document potential risks.
- Work with the security and development teams to mitigate and remediate identified vulnerabilities.
- Prepare and deliver comprehensive security assessment reports that highlight findings from audits, tests, and assessments.
- Ensure testing procedures and assessments comply with NIST RMF, FISMA, and Section 508 standards.
- Contribute to the development of System Security Plans (SSPs) by verifying and validating the security controls.
Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, Software Testing, or additional experience in lieu of a degree.
- 3+ years of experience in system testing, security assessments.
- Experience working with federal security guidelines, such as FISMA, NIST RMF, and FedRAMP.
- Proficiency with security testing tools such as Nessus, Burp Suite, Qualys, Metasploit, and other vulnerability assessment and penetration testing tools.
- Experience with automated testing frameworks and tools.
- Understanding of advanced persistent threats and strategies for detection and prevention.
- Strong understanding of software development lifecycle (SDLC), quality assurance principles, and security controls.
Preferred Qualifications
- Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or equivalent certification.
- Certified Software Tester (CSTE) or ISTQB certification is a plus.
About
SecuriGence LLC (SG) is an agile, Veteran-owned small business headquartered in the Washington, DC metropolitan region. Established in April 2010, we have been supporting the Department of Defense and other United States Civil agencies in Systems Engineering, Software Engineering, Software Development, Cyber Security, and Cloud/Virtualization Management.
SecuriGence provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.