Lead Penetration Tester
About The Position
The Senior Penetration Tester supports the FAA Office of Information Security & Privacy Service (AIS) Cybersecurity Operations program. This role is responsible for executing authorized penetration testing activities across FAA/DOT systems and networks, documenting processes and procedures, producing required reports and deliverables, and supporting Red/Blue Team and incident response exercises from an offensive perspective. The position operates within a controlled federal environment requiring strict adherence to Rules of Engagement (RoE), written authorizations, evidence handling requirements, and coordination with system owners, SOC analysts, and government stakeholders.
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
- 5+ years of hands-on penetration testing experience in enterprise environments.
- Demonstrated experience operating under formal Rules of Engagement and written authorization processes.
- Experience producing detailed technical assessment reports and executive-level summaries.
- Strong understanding of network, web application, and system security vulnerabilities and exploitation techniques.
- Experience supporting federal or regulated environments with strict documentation and compliance requirements.
- Strong written and verbal communication skills with the ability to brief technical and non-technical stakeholders.
Nice To Haves
- Experience supporting federal cybersecurity programs (FAA, DOT, DoD, or similar).
- Experience participating in Red/Blue Team exercises and incident response simulations.
- Familiarity with NIST 800-115 and other federal security testing guidance.
- Relevant certifications such as OSCP, GPEN, CEH, CISSP, or similar.
- Experience assessing cloud or hybrid environments.
Responsibilities
- Conduct authorized penetration testing activities against FAA/DOT systems and networks in accordance with approved scope and Rules of Engagement.
- Perform no-knowledge and/or limited-knowledge assessments under Government supervision.
- Document, maintain, and update penetration testing processes and procedures.
- Develop Penetration Testing Project Management Plans outlining targets, schedules, staffing assignments, and status.
- Produce comprehensive Penetration Testing Reports of Findings including executive summaries, methodologies, vulnerabilities identified, risk impacts, and remediation recommendations.
- Generate weekly status reports in accordance with government-required format and timelines.
- Capture, retain, and manage logs and artifacts of all manual and automated testing activities for audit and forensic purposes.
- Coordinate with system owners and SOC teams to validate findings and support remediation efforts.
- Support Red/Blue Team exercises and incident response plan (IRP) exercises, including attack scenario development, execution, and post-exercise analysis.
- Evaluate and support integration or operational use of penetration testing tools as authorized.
Benefits
- Competitive compensation package and benefits.
- Professional development and certification opportunities.
- Collaborative and supportive team environment.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
