Logo
Ampcus

Ampcus is hiring: Cyber Security Analyst in Chantilly

Ampcus, Chantilly, VA, United States


Ampcus Cyber Inc, a leading global pioneer in Cybersecurity committed to securing businesses against evolving cyber threats, headquartered in Chantilly, VA is looking for a Cybersecurity Specialist to join our Team working from our Corporate Chantilly office. Job Responsibilities: Perform recon on applications and networks Perform penetration testing and system exploitation against desktops, servers, applications, operating systems, and security systems to gain root and administrator access for highly specialized network systems Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies Perform reconnaissance, privilege escalation persistence, lateral movement, and payload generation against information systems Analyze vulnerabilities, delivering clear and coherent written reporting, identifying network risks, and providing mitigation recommendations Conduct penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premise systems Translate systems and applications into security test plans, performing hands-on security testing and leveraging adversarial tactics Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit, and the Social Engineering Toolkit. Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption Ability to assist with researching and evaluating security policies and guidance Ability to train other team members on security concepts Excellent communication skills Required Skills 4-5 years of experience in related field Demonstrated real-world experience performing grey and black box penetration testing. Must be proficient in exploiting common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on bypass, etc. Must be proficient in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, A/V evasion methodologies, Exploit Dev. Must have solid working experience and knowledge of Windows operating systems (incl. Active Directory), Linux operating systems; VMware ESXi or similar; mobile platforms are a plus. Solid understanding of networking, TCP/IP, virtualization and cloud architecture. Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards. Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open-source exfiltration techniques. Experience with Linux, Windows, wireless, and virtual platforms Knowledge of information security policies and guidance Proactive interest in emerging technologies and techniques related to penetration testing Preferred Skills and Qualifications Experience with IOT device is a plus Certifications such as CEH or OSCP Malware analysis or digital computer forensics experience is a plus Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming is a plus