Lead Application Tester

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Application Tester. In this role, you will support various application security testing initiatives crucial for safeguarding public health technology systems. Your expertise will directly impact the security and integrity of applications used within the Department of Health and Human Services, ensuring they meet essential compliance and testing standards. This remote position allows for flexibility while contributing to vital projects that enhance user safety and system reliability.

• Perform application security testing including dynamic application security testing (DAST), functional testing, and validation testing.
• Execute test cases against web applications, APIs, microservices, and cloud-hosted applications.
• Identify application-level vulnerabilities including authentication, authorization, input validation, session management, and data exposure weaknesses.
• Validate findings from automated scanning tools and identify false positives.
• Support secure development lifecycle (SDLC) activities by testing applications before release.
• Document application vulnerabilities, test results, and remediation recommendations.
• Verify remediation through re-testing and evidence validation.
• Support application penetration testing and red team activities as required.
• Coordinate testing activities with developers, system owners, ISSOs, and AppSec engineers.
• Ensure testing aligns with OWASP Top 10, NIST guidance, and HHS security standards.
• Maintain application testing SOPs, workflows, and test scripts.
• Support vulnerability management reporting and POA&M evidence development.

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field.
• Minimum 4–6 years of experience performing application testing or application security assessments.
• Experience testing web applications, APIs, and cloud-based systems.
• Working knowledge of OWASP Top 10 vulnerabilities and secure application design principles.
• Experience validating automated vulnerability scan results.
• Familiarity with federal vulnerability management and RMF processes.
• Strong analytical, documentation, and communication skills.
• Active GTAPT, CEH, or Security+ is preferred.

• Flexible remote work arrangements.
• Opportunities for professional development and training.
• Collaborative and supportive team environment.
• Engagement in significant public health projects.
• Comprehensive health and wellness benefits.

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

#LI-CL1