Penetration Testing Lead
Listed on 2026-07-13
-
Engineering
Cybersecurity, Systems Engineer -
IT/Tech
Cybersecurity, Systems Engineer
Description
OCH Technologies is seeking a Penetration Testing Lead responsible for planning, executing, and documenting all penetration testing activities performed under this contract, including network, system, application, and aircraft cybersecurity assessments. This individual develops Rules of Engagement with system owners, leads red and blue team exercises, and delivers comprehensive penetration test reports that provide actionable, technically sound findings and recommendations. The ideal candidate is an experienced offensive security professional who combines advanced technical expertise with the discipline, sound judgment, and attention to detail required to operate successfully in a highly regulated, safety‑critical environment.
This position supports a proposal effort and is contingent upon award, customer approval, and successful onboarding requirements.
LocationHybrid – Air Traffic Control System Command Center (ATCSCC) Washington, DC
This position may require up to 50% travel to FAA facilities.
Core Responsibilities & Duties- Serve as primary technical POC for all penetration testing activities, including network, system, application, aircraft cyber, and specialized assessments.
- Develop Rules of Engagement (ROE) with system owners and ACG for each penetration test. Ensure all parties understand scope, constraints, and reporting requirements before testing begins.
- Personally lead high‑complexity penetration tests in NAS and Mission Support environments. Direct testing teams during execution.
- Plan and execute red team and blue team exercises in simulated environments as directed by the FAA. Design realistic attack scenarios that test the effectiveness of NAS cybersecurity defenses.
- Document all penetration test results in Penetration Test Reports (PTRs) including attack vectors tested, vulnerabilities discovered, exploitation paths, and recommended remediation actions.
- Assess and document impact when access is gained during testing, including potential cascading effects on associated systems and network infrastructure. Report high‑risk findings immediately to the FAA.
- Lead regression penetration testing to validate that previously identified vulnerabilities have been effectively remediated.
- Manage and maintain penetration testing tools and environments. All tools must be FAA‑approved. No circumvention of access controls or privilege escalation outside approved ROE.
- Attend all Program Management Reviews and report on penetration testing status, findings trends, and upcoming test schedules.
- Develop briefings to support POAM development and remediation activities. When requested, provide FAA leadership with prioritized remediation recommendations.
Responsibilities may evolve over time to support team and organizational goals but will remain consistent with the overall scope of the role.
RequirementsMinimum Qualifications Education
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, Mathematics, Physics, or a related technical discipline from an accredited institution.
Master's degree in a related field preferred.
Experience- Minimum of fifteen (15) years of cybersecurity experience, including at least 5 years leading or supervising penetration testing teams.
- At least two (2) years of relevant experience must have been performed within the last 3 years.
- Demonstrated experience planning, executing, and documenting penetration testing engagements in complex, multi‑system environments.
- Expert‑level proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, and related frameworks.
- Ability to conduct manual testing beyond automated tool output.
- Experience conducting manual testing and exploitation beyond automated scanner results.
- Deep understanding of NIST SP 800‑115, PTES, OWASP, and industry‑standard penetration testing methodologies.
- Experience developing and operating within formal Rules of Engagement (ROE) for penetration testing.
- Experience with red team / blue team exercises including scenario development, execution, and after‑action reporting.
- Understanding of network exploitation across multi‑vendor environments including wireless, routing (Layer
…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).