Ampcus Cyber Inc, a leading global pioneer in Cybersecurity committed to securing businesses against evolving cyber threats, headquartered in Chantilly, VA is looking for a Cybersecurity Specialist to join our Team working from our Corporate Chantilly office.
Job Responsibilities: - Perform recon on applications and networks
- Perform penetration testing and system exploitation against desktops, servers, applications, operating systems, and security systems to gain root and administrator access for highly specialized network systems
- Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies
- Perform reconnaissance, privilege escalation persistence, lateral movement, and payload generation against information systems
- Analyze vulnerabilities, delivering clear and coherent written reporting, identifying network risks, and providing mitigation recommendations
- Conduct penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premise systems
- Translate systems and applications into security test plans, performing hands-on security testing and leveraging adversarial tactics
- Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit, and the Social Engineering Toolkit.
- Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption
- Ability to assist with researching and evaluating security policies and guidance
- Ability to train other team members on security concepts
- Excellent communication skills
Required Skills - 4-5 years of experience in related field
- Demonstrated real-world experience performing grey and black box penetration testing.
- Must be proficient in exploiting common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on bypass, etc.
- Must be proficient in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, A/V evasion methodologies, Exploit Dev.
- Must have solid working experience and knowledge of Windows operating systems (incl. Active Directory), Linux operating systems; VMware ESXi or similar; mobile platforms are a plus.
- Solid understanding of networking, TCP/IP, virtualization and cloud architecture.
- Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.
- Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open-source exfiltration techniques.
- Experience with Linux, Windows, wireless, and virtual platforms
- Knowledge of information security policies and guidance
- Proactive interest in emerging technologies and techniques related to penetration testing
Preferred Skills and Qualifications - Experience with IOT device is a plus
- Certifications such as CEH or OSCP
- Malware analysis or digital computer forensics experience is a plus
- Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming is a plus