Penetration Test Engineer

Healthcare's helping hand.

CHG shook things up in 1979 by inventing the locum tenens staffing model.

We connect doctors with patients who need their care.

As the largest physician staffing firm in America, our providers treat millions of patients each year.

Our industry is growing and demand is high.

This means you'll have plenty of opportunities to grow and develop in your career.

Keeping healthcare healthy can be as fun as it is rewarding

Information Security & Privacy is looking for a Penetration Test Engineer to join our team.

The Penetration Test Engineer will deliver offensive security capabilities to validate CHG Healthcare's security controls across our multi-brand technology portfolio.

As a Penetration Test Engineer on the ISP team you will conduct comprehensive penetration testing, implement DAST for web applications, and validate compliance framework alignment through security testing.

This role will report to the Sr.

Manager Application Security.

Responsibilities

• Conduct penetration testing across critical systems using comprehensive methodology (network, application, API, cloud, social engineering)

• Implement and manage Dynamic Application Security Testing (DAST) for web applications

• Validate security controls to achieve alignment with compliance frameworks (HIPAA, SOC 2, ISO 27001)

• Leverage AI-powered tools to enhance reconnaissance, vulnerability analysis, and testing workflows

• Support roadmap deliverables focused on demonstrable industry-recognized security controls

Qualifications

• Deep technical knowledge of common vulnerabilities, exploitation techniques, and remediation strategies

• Experience with penetration testing tools (Burp Suite, Metasploit, Kali Linux, etc.)

• Proficiency with web application, network, API, and cloud penetration testing methodologies

• Ability to creatively use AI tools to enhance penetration testing and security research

• Excellent communication skills to explain complex vulnerabilities to technical and non-technical audiences

Education & Experience

• 5+ years of hands-on penetration testing and offensive security experience

• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience

Preferred

• Experience in healthcare or highly regulated industries

• Offensive security certifications such as OSCP, OSCE, OSWE, GPEN, or GXPN

• Experience implementing and managing DAST tools (OWASP ZAP, Burp Suite Enterprise, etc.)

• Strong scripting skills (Python, Bash, PowerShell) for automation and tool development

We believe in fair compensation for all of our people, which is why our pay structure takes into account the cost of labor across U.S.

geographic markets.

For this position, we offer a pay range of $81,900 -- $122,900 annually, with pay varying depending on work location and job-related factors such as knowledge, position level and experience.

During the hiring process, your recruiter c...