Ampcus
Cyber Security Analyst
Ampcus, Chantilly, Virginia, United States, 22021
Ampcus Cyber Inc, a leading global pioneer in Cybersecurity committed to securing businesses against evolving cyber threats, headquartered in Chantilly, VA is looking for a Cybersecurity Specialist to join our Team working from our Corporate Chantilly office.
Job Responsibilities:Perform recon on applications and networksPerform penetration testing and system exploitation against desktops, servers, applications, operating systems, and security systems to gain root and administrator access for highly specialized network systemsPerform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategiesPerform reconnaissance, privilege escalation persistence, lateral movement, and payload generation against information systemsAnalyze vulnerabilities, delivering clear and coherent written reporting, identifying network risks, and providing mitigation recommendationsConduct penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premise systemsTranslate systems and applications into security test plans, performing hands-on security testing and leveraging adversarial tacticsMust be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit, and the Social Engineering Toolkit.Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryptionAbility to assist with researching and evaluating security policies and guidanceAbility to train other team members on security conceptsExcellent communication skills
Required Skills
4-5 years of experience in related fieldDemonstrated real-world experience performing grey and black box penetration testing.Must be proficient in exploiting common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on bypass, etc.Must be proficient in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, A/V evasion methodologies, Exploit Dev.Must have solid working experience and knowledge of Windows operating systems (incl. Active Directory), Linux operating systems; VMware ESXi or similar; mobile platforms are a plus.Solid understanding of networking, TCP/IP, virtualization and cloud architecture.Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open-source exfiltration techniques.Experience with Linux, Windows, wireless, and virtual platformsKnowledge of information security policies and guidanceProactive interest in emerging technologies and techniques related to penetration testing
Preferred Skills and Qualifications
Experience with IOT device is a plusCertifications such as CEH or OSCPMalware analysis or digital computer forensics experience is a plusScripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming is a plus
Job Responsibilities:Perform recon on applications and networksPerform penetration testing and system exploitation against desktops, servers, applications, operating systems, and security systems to gain root and administrator access for highly specialized network systemsPerform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategiesPerform reconnaissance, privilege escalation persistence, lateral movement, and payload generation against information systemsAnalyze vulnerabilities, delivering clear and coherent written reporting, identifying network risks, and providing mitigation recommendationsConduct penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premise systemsTranslate systems and applications into security test plans, performing hands-on security testing and leveraging adversarial tacticsMust be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit, and the Social Engineering Toolkit.Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryptionAbility to assist with researching and evaluating security policies and guidanceAbility to train other team members on security conceptsExcellent communication skills
Required Skills
4-5 years of experience in related fieldDemonstrated real-world experience performing grey and black box penetration testing.Must be proficient in exploiting common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on bypass, etc.Must be proficient in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, A/V evasion methodologies, Exploit Dev.Must have solid working experience and knowledge of Windows operating systems (incl. Active Directory), Linux operating systems; VMware ESXi or similar; mobile platforms are a plus.Solid understanding of networking, TCP/IP, virtualization and cloud architecture.Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open-source exfiltration techniques.Experience with Linux, Windows, wireless, and virtual platformsKnowledge of information security policies and guidanceProactive interest in emerging technologies and techniques related to penetration testing
Preferred Skills and Qualifications
Experience with IOT device is a plusCertifications such as CEH or OSCPMalware analysis or digital computer forensics experience is a plusScripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming is a plus