Penetration Testing Lead
Washington, AR - USA
Job Summary
OCH Technologies is seeking a Penetration Testing Lead responsible for planning executing and documenting all penetration testing activities performed under this contract including network system application and aircraft cybersecurity assessments. This individual develops Rules of Engagement with system owners leads red and blue team exercises and delivers comprehensive penetration test reports that provide actionable technically sound findings and recommendations. The ideal candidate is an experienced offensive security professional who combines advanced technical expertise with the discipline sound judgment and attention to detail required to operate successfully in a highly regulated safety-critical environment.
This position supports a proposal effort and is contingent upon award customer approval and successful onboarding requirements.
Location
Hybrid Air Traffic Control System Command Center (ATCSCC) Washington DC
This position may require up to 50% travel to FAA facilities.
Core Responsibilities & Duties
- Serve as primary technical POC for all penetration testing activities including network system application aircraft cyber and specialized assessments.
- Develop Rules of Engagement (ROE) with system owners and ACG for each penetration test. Ensure all parties understand scope constraints and reporting requirements before testing begins.
- Personally lead high-complexity penetration tests in NAS and Mission Support environments. Direct testing teams during execution.
- Plan and execute red team and blue team exercises in simulated environments as directed by the FAA. Design realistic attack scenarios that test the effectiveness of NAS cybersecurity defenses.
- Document all penetration test results in Penetration Test Reports (PTRs) including attack vectors tested vulnerabilities discovered exploitation paths and recommended remediation actions.
- Assess and document impact when access is gained during testing including potential cascading effects on associated systems and network infrastructure. Report high-risk findings immediately to the FAA.
- Lead regression penetration testing to validate that previously identified vulnerabilities have been effectively remediated.
- Manage and maintain penetration testing tools and environments. All tools must be FAA-approved. No circumvention of access controls or privilege escalation outside approved ROE.
- Attend all Program Management Reviews and report on penetration testing status findings trends and upcoming test schedules.
- Develop briefings to support POAM development and remediation activities. When requested provide FAA leadership with prioritized remediation recommendations.
Responsibilities may evolve over time to support team and organizational goals but will remain consistent with the overall scope of the role.
Minimum Qualifications
Education
Bachelors degree in Cybersecurity Computer Science Information Technology Engineering Mathematics Physics or a related technical discipline from an accredited institution.
Masters degree in a related field preferred.
Experience
- Minimum of fifteen (15) years of cybersecurity experience including at least 5 years leading or supervising penetration testing teams.
- At least two (2) years of relevant experience must have been performed within the last 3 years.
- Demonstrated experience planning executing and documenting penetration testing engagements in complex multi-system environments.
- Expert-level proficiency with penetration testing tools such as Metasploit Burp Suite Nmap and related frameworks.
- Ability to conduct manual testing beyond automated tool output.
- Experience conducting manual testing and exploitation beyond automated scanner results.
- Deep understanding of NIST SP 800-115 PTES OWASP and industry-standard penetration testing methodologies.
- Experience developing and operating within formal Rules of Engagement (ROE) for penetration testing.
- Experience with red team / blue team exercises including scenario development execution and after-action reporting.
- Understanding of network exploitation across multi-vendor environments including wireless routing (Layer 3) switching (Layer 2) firewalls IDS/IPS and cloud services.
Security Clearance Requirement
Candidate must have the ability to obtain and maintain a Public Trust.
Active Secret clearance is preferred.
Certifications
Security certification such as OSCP OSCE OSWP OSWE CEH ECSA CEH Practical ECSA Practical LPT Master GCIH GPEN GWAPT GXPN GAWN or an equivalent industry-recognized credential.
Additional certifications in cyber defense incident response digital forensics or threat detection disciplines are highly preferred including CND CNDA GCIH GCIA GDAT GDSA GCED GCFA or comparable industry-recognized credentials.
Preferred Qualifications
- Prior experience testing NAS systems aviation systems or other air traffic management infrastructure.
- Experience with aircraft cyber testing including avionics flight control systems or air-ground communications systems.
- Experience testing industrial control systems (ICS) or operational technology (OT) environments.
- Experience with wireless and satellite-based communication system security testing.
- Familiarity with DoD offensive/defensive cyber operations frameworks.
- Command-and-control frameworks (Cobalt Strike Sliver Mythic) for realistic adversary simulation during red team exercises.
- Active Directory attack path analysis tools (BloodHound Impacket) for identifying lateral movement and privilege escalation paths.
- Nuclei for scalable automated vulnerability detection beyond legacy scanner coverage.
- Cloud-specific penetration testing tools (Pacu for AWS AzureHound) for cloud-hosted NAS support systems.
- Software-defined radio (SDR/HackRF) tools for testing air-to-ground and wireless communications systems that do not traverse physical networks.
- AI-driven fuzzing and adaptive attack path discovery tools for expanding attack surface coverage across complex interconnected NAS infrastructure.
Other Required Skills and Abilities
- Ability and willingness to travel and lead on-site penetration testing events at FAA facilities nationwide.
- Demonstrated ability to operate safely and effectively within mission-critical and operationally sensitive environments.
About Us: At OCH we are more than just a government contracting firm; we are innovators and leaders in providing cutting-edge IT services and cybersecurity solutions. Driven by a set of fundamental values we excel in creating secure efficient and forward-thinking solutions that empower the government agencies we work with. Our commitment to maintaining the highest standards of integrity adapting swiftly to new challenges and focusing on the people we serve ensures that we consistently exceed expectations and lead the industry in innovation and reliability.
What Defines Us:
- Integrity - We act with unwavering honesty ensuring every decision is rooted ethically.
- Adaptable - We swiftly adapt to changes seizing opportunities to innovate and lead.
- People-Focused - We prioritize relationships championing growth and mutual success.
- Accountable - We own our outcomes striving for excellence through continuous improvement.
- Collaborative - We cultivate teamwork harnessing diverse talents to forge groundbreaking solutions.
Why Join Us
Step into a role at OCH where your contributions make a tangible impact. Join a team that values creativity and initiative offering a platform to transform the landscape of government IT services. Here your work is not just a careerits a mission. Embrace the opportunity to grow innovate and excel alongside industry leaders who are as passionate about technology as they are about making a difference. Plus we offer a comprehensive benefits package designed to support your wellbeing and work-life balance including:
- Paid time off and Holidays
- Medical Dental and Vision Insurance
- Paid Parental Leave
- Short-term disability long-term disability and life insurance - Employer Paid!
- 401(k)
- Additional Voluntary Life Insurance
- Tuition Reimbursement
& More!
E-Verify Participation: OCH Technologies LLC is a participant of E-Verify to verify the identity and employment eligibility of newly hired employees.
Veterans Preference and Accessibility Statement: At OCH Technologies we deeply respect and appreciate the unique skills and experiences that veterans bring to our team. As a federal contractor we encourage qualified veterans to apply and provide preference where permitted by law. Your service and dedication are valued here.
We are committed to creating a workplace that is open welcoming and accessible to accordance with the Americans with Disabilities Act (ADA) and Section 503 of the Rehabilitation Act we provide reasonable accommodations throughout the hiring process to ensure individuals with disabilities can apply without barriers. If you need assistance or an accommodation please contact us at .
OCH Technologies LLC is proud to be an equal opportunity employer. We are committed to equal employment opportunity regardless of race color ancestry religion sex national origin sexual orientation age disability gender identity or any other protected characteristic as outlined by federal state or local laws.