Security Assessment Lead
Hybrid Remote (ATCSCC) Washington, DC OR (MMAC) Oklahoma City, OK
Description

 

OCH Technologies is seeking a Security Assessment Lead to act as the technical authority for all independent risk assessments, vulnerability assessments, and analyses of alternatives conducted under this contract. The candidate will lead assessment planning, assign and mentor assessment teams, ensures assessment execution follows NIST 800-53A methodology, and is accountable for the quality and completeness of all System Security Assessment Reports (SARs) delivered.  


This position supports a proposal effort and is contingent upon award, customer approval, and successful onboarding requirements.  


Location 

Hybrid – FAA Hubs Air Traffic Control System Command Center (ATCSCC) Washington, DC OR Mike Monroney Aeronautical Center (MMAC) Oklahoma City. OK.


This position may require up to 50% travel to FAA facilities. 


Core Responsibilities & Duties 

  • Serve as primary technical POC for all security assessments, vulnerability assessments, and analyses of alternatives under the contract. 
  • Lead assessment planning and coordination at FAA facilities nationwide, including developing System Security Assessment Test Plans and managing pre- and post-assessment activities. 
  • Personally lead complex or high-visibility assessment events.  
  • Ensure all assessments use the three NIST 800-53A methods (Examine, Interview, Test) and produce compliant SARs. 
  • Develop and maintain vulnerability scanning strategies including Tactics, Techniques, and Procedures (TTPs).  
  • Evaluate and recommend scanning tools and configurations for NAS and Mission Support environments. 
  • Conduct risk translation from assessment findings and develop draft Plans of Action and Milestones (POAMs) with actionable remediation guidance. 
  • Lead regression assessment activities to validate that patches, fixes, and configuration changes mitigate previously identified vulnerabilities. 
  • Attend all Program Management Reviews and report on assessment status, deliverable timelines, and technical issues. 
  • Mentor and develop junior assessment staff.  
  • Build a team culture where analysts take ownership of their assigned systems and drive assessments to completion independently. 
  • Coordinate with NAS system owners, FAA facility staff, AIT/AIS, and ACG to schedule assessments and resolve access and logistical issues. 
  • Ensure assessment work in NAS operational environments follows safety protocols. Test methods for NAS systems may need to be conducted in lab environments due to air traffic safety constraints. 

Responsibilities may evolve over time to support team and organizational goals but will remain consistent with the overall scope of the role. 

Requirements

 

Minimum Qualifications 

Education 

Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, Mathematics, or Physics from an accredited institution. Master's degree in a related field preferred


Experience 

  • At least fifteen (15)+ years of cybersecurity experience. 
  • Minimum of five (5) years of management and supervisory responsibility leading risk and vulnerability assessment teams. 
  • At least two (2) years of relevant experience performed within the last 3 years. 
  • Demonstrated track record of successful completion of multiple independent risk assessments and vulnerability assessments on complex, multi-system environments. 
  • Deep working knowledge of NIST SP 800-53 (Rev. 4/5), NIST SP 800-53A, NIST SP 800-37 (RMF), and FIPS-199 security categorization. 
  • Hands-on experience with vulnerability assessment tools including Nessus, WebInspect, AppDetective Pro, nMap, and Tcpdump. 
  • Experience developing System Security Assessment Reports (SARs), Plans of Action and Milestones (POAMs), and assessment test plans. 
  • Experience working in Operational Technology (OT), Industrial Control Systems (ICS), or other safety-critical infrastructure environments. 

Security Clearance Requirement 

Candidate must have the ability to obtain and maintain a Public Trust

Active Secret level clearance preferred


Certifications 

Current cybersecurity certification aligned with security assessment and risk management disciplines, including CISSP, GCED, CompTIA CASP+, CISA, or an equivalent. CAP (Certified Authorization Professional) or equivalent RMF certification preferred

 

Preferred Qualifications 

  • Prior experience assessing National Airspace System (NAS) systems or other FAA Air Traffic Organization (ATO) systems. 
  • Familiarity with FAA Order 1370.82, FAA Order 1370.121, and the ATO ISCM Plan. 
  • Experience supporting FAA Assessment & Authorization (A&A) processes. 
  • Experience conducting assessments of cloud-based services and web-facing applications in federal environments. 
  • Experience supporting international assessments or telecommunications infrastructure assessments. 

Other Required Skills and Abilities 

  • Strong written and verbal communication skills with the ability to produce clear, defensible, and actionable technical documentation. 
  • Proven leadership and team development capabilities. 
  • Ability to manage multiple assessment efforts simultaneously while maintaining quality standards. 
  • Strong analytical and problem-solving skills. 
  • Ability to work effectively with government stakeholders, technical teams, and senior leadership. 

 




About Us: At OCH, we are more than just a government contracting firm; we are innovators and leaders in providing cutting-edge IT services and cybersecurity solutions. Driven by a set of fundamental values, we excel in creating secure, efficient, and forward-thinking solutions that empower the government agencies we work with. Our commitment to maintaining the highest standards of integrity, adapting swiftly to new challenges, and focusing on the people we serve ensures that we consistently exceed expectations and lead the industry in innovation and reliability. 


What Defines Us: 

  • Integrity - We act with unwavering honesty, ensuring every decision is rooted ethically. 
  • Adaptable - We swiftly adapt to changes, seizing opportunities to innovate and lead. 
  • People-Focused - We prioritize relationships, championing growth and mutual success. 
  • Accountable - We own our outcomes, striving for excellence through continuous improvement. 
  • Collaborative - We cultivate teamwork, harnessing diverse talents to forge groundbreaking solutions. 

Why Join Us? 

Step into a role at OCH where your contributions make a tangible impact. Join a team that values creativity and initiative, offering a platform to transform the landscape of government IT services. Here, your work is not just a career—it's a mission. Embrace the opportunity to grow, innovate, and excel alongside industry leaders who are as passionate about technology as they are about making a difference. Plus, we offer a comprehensive benefits package designed to support your wellbeing and work-life balance, including: 

  • Paid time off and Holidays 
  • Medical, Dental, and Vision Insurance 
  • Paid Parental Leave 
  • Short-term disability, long-term disability, and life insurance - Employer Paid! 
  • 401(k) 
  • Additional Voluntary Life Insurance 
  • Tuition Reimbursement 

& More! 


E-Verify Participation: OCH Technologies, LLC is a participant of E-Verify to verify the identity and employment eligibility of newly hired employees. 


Veteran’s Preference and Accessibility Statement: At OCH Technologies, we deeply respect and appreciate the unique skills and experiences that veterans bring to our team. As a federal contractor, we encourage qualified veterans to apply and provide preference where permitted by law. Your service and dedication are valued here. 


We are committed to creating a workplace that is open, welcoming, and accessible to everyone. In accordance with the Americans with Disabilities Act (ADA) and Section 503 of the Rehabilitation Act, we provide reasonable accommodations throughout the hiring process to ensure individuals with disabilities can apply without barriers. If you need assistance or an accommodation, please contact us at hiring@ochtec.com.  


OCH Technologies, LLC is proud to be an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, disability, gender identity, or any other protected characteristic as outlined by federal, state, or local laws.