Penetration Test Engineer

Healthcare’s helping hand.

CHG shook things up in 1979 by inventing the locum tenens staffing model. We connect doctors with patients who need their care. As the largest physician staffing firm in America, our providers treat millions of patients each year.

Our industry is growing and demand is high. This means you’ll have plenty of opportunities to grow and develop in your career. Keeping healthcare healthy can be as fun as it is rewarding

Information Security & Privacy is looking for a Penetration Test Engineer to join our team. The Penetration Test Engineer will deliver offensive security capabilities to validate CHG Healthcare's security controls across our multi-brand technology portfolio. As a Penetration Test Engineer on the ISP team you will conduct comprehensive penetration testing, implement DAST for web applications, and validate compliance framework alignment through security testing. This role will report to the Sr. Manager Application Security.

Responsibilities

• Conduct penetration testing across critical systems using comprehensive methodology (network, application, API, cloud, social engineering)

• Implement and manage Dynamic Application Security Testing (DAST) for web applications

• Validate security controls to achieve alignment with compliance frameworks (HIPAA, SOC 2, ISO 27001)

• Leverage AI-powered tools to enhance reconnaissance, vulnerability analysis, and testing workflows

• Support roadmap deliverables focused on demonstrable industry-recognized security controls

Qualifications

• Deep technical knowledge of common vulnerabilities, exploitation techniques, and remediation strategies

• Experience with penetration testing tools (Burp Suite, Metasploit, Kali Linux, etc.)

• Proficiency with web application, network, API, and cloud penetration testing methodologies

• Ability to creatively use AI tools to enhance penetration testing and security research

• Excellent communication skills to explain complex vulnerabilities to technical and non-technical audiences

Education & Experience

• 5+ years of hands-on penetration testing and offensive security experience

• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience

Preferred

• Experience in healthcare or highly regulated industries

• Offensive security certifications such as OSCP, OSCE, OSWE, GPEN, or GXPN

• Experience implementing and managing DAST tools (OWASP ZAP, Burp Suite Enterprise, etc.)

• Strong scripting skills (Python, Bash, PowerShell) for automation and tool development

In return we offer:

• 401(k) retirement plan with company match

• Traditional healthcare benefits such as medical and dental coverage, and some unique benefits like onsite health centers, corporate wellness programs, and free behavioral health appointments.
• Flexible work schedules - including work-from-home options available
• Recognition programs with rewards including trips, cash, and paid time off
• Family-friendly benefits including paid parental leave, fertility coverage, adoption assistance, and marriage counseling
• Tailored training resources including free LinkedIn learning courses
• Volunteer time off and employee-driven matching grants
• Tuition reimbursement programs

Click here to learn more about our company and culture.

CHG Healthcare values a diverse and inclusive workforce. Interested in this role but not a perfect fit? Apply anyway.

We welcome applicants of any race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status and individuals with disabilities as an Affirmative Action/Equal Opportunity Employer. We are an at-will employer.

What makes CHG Different?