Penetration Test Engineer
About The Position
Healthcare’s helping hand. CHG shook things up in 1979 by inventing the locum tenens staffing model. We connect doctors with patients who need their care. As the largest physician staffing firm in America, our providers treat millions of patients each year. Our industry is growing and demand is high. This means you’ll have plenty of opportunities to grow and develop in your career. Keeping healthcare healthy can be as fun as it is rewarding Information Security & Privacy is looking for a Penetration Test Engineer to join our team. The Penetration Test Engineer will deliver offensive security capabilities to validate CHG Healthcare's security controls across our multi-brand technology portfolio. As a Penetration Test Engineer on the ISP team you will conduct comprehensive penetration testing, implement DAST for web applications, and validate compliance framework alignment through security testing. This role will report to the Sr. Manager Application Security.
Requirements
- Deep technical knowledge of common vulnerabilities, exploitation techniques, and remediation strategies
- Experience with penetration testing tools (Burp Suite, Metasploit, Kali Linux, etc.)
- Proficiency with web application, network, API, and cloud penetration testing methodologies
- Ability to creatively use AI tools to enhance penetration testing and security research
- Excellent communication skills to explain complex vulnerabilities to technical and non-technical audiences
- 5+ years of hands-on penetration testing and offensive security experience
- Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience
Nice To Haves
- Experience in healthcare or highly regulated industries
- Offensive security certifications such as OSCP, OSCE, OSWE, GPEN, or GXPN
- Experience implementing and managing DAST tools (OWASP ZAP, Burp Suite Enterprise, etc.)
- Strong scripting skills (Python, Bash, PowerShell) for automation and tool development
Responsibilities
- Conduct penetration testing across critical systems using comprehensive methodology (network, application, API, cloud, social engineering)
- Implement and manage Dynamic Application Security Testing (DAST) for web applications
- Validate security controls to achieve alignment with compliance frameworks (HIPAA, SOC 2, ISO 27001)
- Leverage AI-powered tools to enhance reconnaissance, vulnerability analysis, and testing workflows
- Support roadmap deliverables focused on demonstrable industry-recognized security controls
Benefits
- 401(k) retirement plan with company match
- Traditional healthcare benefits such as medical and dental coverage, and some unique benefits like onsite health centers, corporate wellness programs, and free behavioral health appointments.
- Flexible work schedules - including work-from-home options available
- Recognition programs with rewards including trips, cash, and paid time off
- Family-friendly benefits including paid parental leave, fertility coverage, adoption assistance, and marriage counseling
- Tailored training resources including free LinkedIn learning courses
- Volunteer time off and employee-driven matching grants
- Tuition reimbursement programs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
51-100 employees
