Lead Penetration Tester

Position Title: Lead Penetration Tester

Position Type: Full Time Employee

Location: Hybrid (Leesburg & Remote)

Clearance Requirement: Secret

The Senior Penetration Tester supports the FAA Office of Information Security & Privacy Service (AIS) Cybersecurity Operations program. This role is responsible for executing authorized penetration testing activities across FAA/DOT systems and networks, documenting processes and procedures, producing required reports and deliverables, and supporting Red/Blue Team and incident response exercises from an offensive perspective.

The position operates within a controlled federal environment requiring strict adherence to Rules of Engagement (RoE), written authorizations, evidence handling requirements, and coordination with system owners, SOC analysts, and government stakeholders.

• Conduct authorized penetration testing activities against FAA/DOT systems and networks in accordance with approved scope and Rules of Engagement.
• Perform no-knowledge and/or limited-knowledge assessments under Government supervision.
• Document, maintain, and update penetration testing processes and procedures.
• Develop Penetration Testing Project Management Plans outlining targets, schedules, staffing assignments, and status.
• Produce comprehensive Penetration Testing Reports of Findings including executive summaries, methodologies, vulnerabilities identified, risk impacts, and remediation recommendations.
• Generate weekly status reports in accordance with government-required format and timelines.
• Capture, retain, and manage logs and artifacts of all manual and automated testing activities for audit and forensic purposes.
• Coordinate with system owners and SOC teams to validate findings and support remediation efforts.
• Support Red/Blue Team exercises and incident response plan (IRP) exercises, including attack scenario development, execution, and post-exercise analysis.
• Evaluate and support integration or operational use of penetration testing tools as authorized.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
• 5+ years of hands-on penetration testing experience in enterprise environments.
• Demonstrated experience operating under formal Rules of Engagement and written authorization processes.
• Experience producing detailed technical assessment reports and executive-level summaries.
• Strong understanding of network, web application, and system security vulnerabilities and exploitation techniques.
• Experience supporting federal or regulated environments with strict documentation and compliance requirements.
• Strong written and verbal communication skills with the ability to brief technical and non-technical stakeholders.

• Experience supporting federal cybersecurity programs (FAA, DOT, DoD, or similar).
• Experience participating in Red/Blue Team exercises and incident response simulations.
• Familiarity with NIST 800-115 and other federal security testing guidance.
• Relevant certifications such as OSCP, GPEN, CEH, CISSP, or similar.
• Experience assessing cloud or hybrid environments.

• Competitive compensation package and benefits.
• Salary Range 150 - 160K.
• Professional development and certification opportunities.
• Collaborative and supportive team environment.