HVA Operations Personnel (Operator) - DOT (15.27)

HVA Operations Personnel (Operator) (15.27)

OCT Consulting is a business management and technology consulting firm that provides support to Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.

The HVA Operations Personnel (Operator) serves as the penetration testing specialist for NT1 HVA Assessments, responsible for conducting technical security testing, vulnerability identification, and providing detailed technical findings to support the overall assessment process.

Essential Duties and Responsibilities

• Penetration Testing: Lead and execute the Penetration Test phase of NT1 HVA Assessments
• Rules of Engagement Compliance: Interpret and strictly follow applicable rules of engagement during all testing activities
• Technical Security Assessment: Conduct comprehensive technical security testing of identified NT1 HVA systems
• Vulnerability Analysis: Identify, analyze, and document security vulnerabilities and potential attack vectors
• Results Documentation: Provide detailed penetration test results as appendices to assessment reports
• Technical Collaboration: Work closely with Assessment Lead and Technical Lead to support overall assessment objectives
• Security Tool Utilization: Employ appropriate penetration testing tools and methodologies in accordance with CISA standards
• Risk Assessment Support: Contribute technical findings to overall risk assessments and impact statements

Required Qualifications

Experience Requirements

• Minimum 3+ years of hands-on penetration testing experience in enterprise environments
• 2+ years of experience with federal cybersecurity assessments and compliance requirements
• Demonstrated experience with NIST security controls and information assurance frameworks
• Experience supporting High Value Asset assessments or similar critical infrastructure security evaluations

Technical Skills and Expertise

• Advanced penetration testing skills with proven track record of successful security assessments
• Expertise in network security assessment, vulnerability identification, and exploit techniques
• Proficiency with industry-standard penetration testing tools and frameworks
• Knowledge of common attack vectors, security vulnerabilities, and defensive countermeasures
• Understanding of network protocols, system architectures, and security technologies
• Experience with both automated scanning tools and manual testing techniques

Security Knowledge

• Comprehensive understanding of NIST Cybersecurity Framework (CSF)
• Knowledge of Federal Information Security Modernization Act (FISMA) requirements
• Understanding of High Value Asset security requirements and assessment methodologies
• Familiarity with DHS CISA assessment standards and procedures
• Knowledge of information assurance and cybersecurity best practices

Certifications (Required)

• HVA Assessment Evaluation and Standardization (AES): Operator (OP) - 
• Security+ (CompTIA) or equivalent security certification
• Additional preferred certifications: CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), or equivalent

Technical Proficiencies

• Proficiency with penetration testing frameworks (OWASP, NIST SP 800-115, etc.)
• Experience with vulnerability assessment and penetration testing tools
• Knowledge of scripting languages (Python, PowerShell, Bash, etc.)
• Understanding of database security assessment techniques
• Network analysis and packet capture analysis capabilities
• Web application security testing expertise

Additional Qualifications

• Strong analytical and problem-solving skills
• Excellent attention to detail and documentation abilities
• Ability to work independently and as part of a multidisciplinary team
• Effective written and oral communication skills for technical reporting
• Ability to explain complex technical findings to non-technical stakeholders
• Strong ethical standards and understanding of responsible disclosure practices

Common Requirements

Security Clearance and Background

• Must be able to obtain and maintain appropriate security clearance as required by DOT
• Successfully pass background investigation requirements
• Comply with all federal personnel security requirements

Work Environment

• Primary Location: 1200 New Jersey Ave SE, Washington, DC 20590
• Schedule: Monday through Friday, 9:00 AM to 5:00 PM Eastern Time (with COR approval for alternative schedules)
• Travel: Occasional travel may be required for assessment activities
• Remote Work: Situational telework may be approved in advance by the COR

Performance Period

• Base Period: One year from date of award
• Option Periods: Up to four additional one-year option periods
• Must maintain adequate workforce for uninterrupted performance of all assigned tasks

Pre-Employment Requirements

• All personnel must have existing prerequisite experience and credentials prior to onboarding
• Government will not bear expense of training to gain required certifications or experience
• Key personnel cannot begin work until Contracting Officer/COR provides written approval of resumes
• Must provide 30-day advance written notification before removing key personnel from the task

Professional Development

• Maintain current knowledge of evolving cybersecurity threats and assessment methodologies
• Stay current with NIST, DHS CISA, and OMB guidance and requirements
• Participate in ongoing training to maintain required certifications and qualifications

Benefits: 

OCT offers competitive compensation packages and a full suite of benefits which includes:

• Medical, Dental, and Vision insurance
• Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee’s gross salary
• Paid Time Off and Standard Government Holidays
• Life Insurance, Short- and Long-Term disability benefits
• Training Benefits

Salary Range: $70K - $175,000 yearly commensurate with experience, education, etc.

About OCT Consulting

OCT Consulting LLC is a minority-owned, Small ​Disadvantaged Business (SDB) providing professional services and information technology solutions to the Federal government and commercial clients. Founded in 2013, we bring the advantage of agility in operations along with a management team with a track record of leading successful engagements at major Federal government agencies.

At OCT, we are committed to ensuring equal opportunity for all individuals, recognizing that merit and qualifications are the foundation of our hiring, promotion, and development practices. We believe in creating a work environment where every employee can thrive based on their abilities, skills, and achievements. Our practices are designed to ensure fair treatment and equal access to opportunities for all, regardless of race, ethnicity, gender, sexual orientation, age, abilities, or other personal characteristics. We are dedicated to providing career growth and professional development based on individual merit and fostering a workplace where everyone’s contributions are valued and recognized.