Cyber Security Analyst

• Perform recon on applications and networks
• Perform penetration testing and system exploitation against desktops, servers, applications, operating systems, and security systems to gain root and administrator access for highly specialized network systems
• Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies
• Perform reconnaissance, privilege escalation persistence, lateral movement, and payload generation against information systems
• Analyze vulnerabilities, delivering clear and coherent written reporting, identifying network risks, and providing mitigation recommendations
• Conduct penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premise systems
• Translate systems and applications into security test plans, performing hands-on security testing and leveraging adversarial tactics
• Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit, and the Social Engineering Toolkit.
• Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption
• Ability to assist with researching and evaluating security policies and guidance
• Ability to train other team members on security concepts
• Excellent communication skills

• 4-5 years of experience in related field
• Demonstrated real-world experience performing grey and black box penetration testing.
• Must be proficient in exploiting common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on bypass, etc.
• Must be proficient in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, A/V evasion methodologies, Exploit Dev.
• Must have solid working experience and knowledge of Windows operating systems (incl. Active Directory), Linux operating systems; VMware ESXi or similar; mobile platforms are a plus.
• Solid understanding of networking, TCP/IP, virtualization and cloud architecture.
• Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.
• Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open-source exfiltration techniques.
• Experience with Linux, Windows, wireless, and virtual platforms
• Knowledge of information security policies and guidance
• Proactive interest in emerging technologies and techniques related to penetration testing

Preferred Skills and Qualifications

• Experience with IOT device is a plus
• Certifications such as CEH or OSCP
• Malware analysis or digital computer forensics experience is a plus
• Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming is a plus

Ampcus Cyber Inc, a leading global pioneer in Cybersecurity committed to securing businesses against evolving cyber threats, headquartered in Chantilly, VA is looking for a Cybersecurity Specialist to join our Team working from our Corporate Chantilly office.