Performance & Security Testing Engineer

Spar Information Systems
  • Security
  • Applications have closed

Role: Performance & Security Testing Engineer

Location: Remote

Duration: 12 Months

Mandatory Skills: Performance Testing, Security Testing, Penetration Testing.

Job description:

We are seeking a skilled Performance and Security Testing Engineer (PenTest) with strong expertise in testing mission-critical healthcare applications. The candidate will be responsible for ensuring applications are secure, performant, HIPAA-compliant, and resilient to vulnerabilities and high transaction volumes.

Key Responsibilities

Performance Testing:

Design, develop, and execute performance, load, stress, and scalability tests for healthcare applications (e.g., provider portals, claims processing systems, EHR integrations).

Monitor system performance under peak loads and identify bottlenecks in the application, database, or infrastructure.

Define KPIs (response time, throughput, concurrent users, memory utilization, CPU usage, etc.) and prepare performance test reports.

Collaborate with development, infrastructure, and DevOps teams to tune performance issues.

Security & Penetration Testing:

Conduct penetration testing, vulnerability assessments, and security code reviews for healthcare applications and APIs.

Identify OWASP Top 10 vulnerabilities, configuration weaknesses, and potential data exposure risks.

Perform static and dynamic application security testing (SAST/DAST) across web, mobile, and API layers.

Recommend and validate remediations for vulnerabilities and provide risk-based prioritization.

Ensure compliance with HIPAA, HITRUST, and other healthcare data security standards.

Collaboration & Reporting:

Work closely with QA, DevSecOps, and development teams to integrate security and performance testing into CI/CD pipelines.

Document findings, prepare dashboards/reports, and present results to technical and non-technical stakeholders.

Contribute to continuous improvement of testing methodologies, tools, and processes.

Required Skills & Qualifications

Bachelor’s degree in Computer Science, Information Security, or a related field.

5 years of experience in Performance Testing and Security Testing.

Proficiency with performance testing tools (JMeter, LoadRunner, Gatling, BlazeMeter, or similar).

Experience with penetration testing tools (Burp Suite, OWASP ZAP, Nessus, Metasploit, Kali Linux).

Strong understanding of web technologies, APIs, cloud platforms (AWS/Azure), and databases.

Knowledge of healthcare compliance and regulatory standards (HIPAA, HITRUST, PHI/PII protection).

Familiarity with DevSecOps practices and integrating security testing in CI/CD pipelines.

Strong problem-solving and communication skills.

Preferred Qualifications

Experience with healthcare payer/provider applications (claims, enrollment, EDI, HL7, FHIR, EMR/EHR systems).

Certification(s) such as OSCP, CEH, CISSP, CISA, CPT, or HP LoadRunner.

Exposure to container security (Docker, Kubernetes), API security, and cloud security.