Job Description Summary

This role leads a team that delivers traditional web application penetration testing, Defense-in-Depth assessments extending beyond the web layer, and Red Team engagements ranging from focused control validations to long-term adversary emulation exercises, including both stealth and overt operations.The Director will shape an automation-first and intelligence-driven offensive security program, leveraging AI-enabled operations, testing orchestration, attack simulation, data-driven prioritization, and continuous validation techniques to improve scale, speed, consistency, and measurable risk reduction. This role will ensure offensive security services evolve from point-in-time testing toward a continuous assurance model that validates security posture across enterprise, product, and emerging technology environments.

Job Description

Roles and Responsibilities

People leadership & talent development: Hire, lead, coach, and retain an expert team; establish goals, role clarity, performance expectations, and development plans; build succession and continuity.

Strategic oversight: Define and execute the offensive security strategy, including an automation-first and AI-enabled operating model that scales penetration testing, adversary emulation, and continuous security validation across IT, cloud, product, OT, and AI/ML environments. Drive roadmap priorities across talent, tooling, process standardization, service maturity, and measurable risk reduction.

Service ownership & delivery oversight: Own end-to-end engagement delivery for web application penetration testing, Defense-in-Depth assessments, and Red Team operations, including intake, scope definition, scheduling, quality review, and executive/stakeholder communications.

Red Team program leadership: Direct stealth and overt engagements; establish rules of engagement, testing safety controls, deconfliction, and coordination with detection and incident response teams.

Defense-in-Depth coverage across environments: Ensure assessments address application, infrastructure, identity, cloud, product/software, and OT considerations (as applicable), balancing thoroughness with operational reliability. Vendor management: Manage vendor relationship(s) supporting Red Team activities, including SOW/SLAs, onboarding/offboarding, service quality, and cost management.

Tooling & contract ownership: Own the offensive security tool portfolio and contracts (for example, Nessus, AttackForge), including renewals, license management, usage optimization, secure operations, and capability roadmap. Partnership & remediation outcomes: Partner with vulnerability management, product security, engineering, and infrastructure teams to ensure findings are actionable, prioritized, tracked, and re-tested as appropriate.

Standards, governance, and reporting: Define and maintain assessment methodologies, reporting standards, and measurable KPIs (coverage, cycle time, remediation progress, repeat findings, and detection/control validation).

Basic Qualifications

• Bachelor’s degree from accredited university or college with minimum of 8 years of professional experience OR Associates degree with minimum of 11 years of professional experience OR High School Diploma with minimum of 13 years of professional experience

• Minimum of 5 years of specific experience in offensive security, penetration testing, and/or Red Team operations

• Demonstrated people leadership experience leading and developing technical teams (including performance management and talent development).

• Demonstrated experience overseeing penetration testing services, including web application testing and broader multi-layer (Defense-in-Depth) assessments.

• Demonstrated experience leading Red Team engagements, including safe execution, stakeholder alignment, and high-quality reporting.

• Experience managing third-party vendors/consultants supporting security delivery.

Preferred Qualifications

• Experience assessing or leading engagements in OT and/or embedded/on-product environments, including uptime- and safety-sensitive contexts.

• Experience maturing an offensive security program using repeatable playbooks, automation, governance, and metrics.

• Experience owning or administering offensive security tooling and engagement management platforms (for example, AttackForge, Nessus), including budget/contract accountability.

• Purple-team experience partnering with detection engineering/SOC to validate telemetry, tune detections, and demonstrate defensive improvements.

• Relevant certifications (desired, not required): OSCP/OSWE/OSCE, GPEN/GXPN, GCIH, CISSP, or equivalent demonstrated expertise.

 

This role requires access to U.S. export-controlled information. Therefore, employment will be contingent upon the ability to prove that you meet the status of a U.S. Person as one of the following: U.S. lawful permanent resident, U.S. Citizen, have been granted asylee or refugee status (i.e., a protected individual under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)).

Additional Information

GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation. GE Aerospace is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

Relocation Assistance Provided: No