Web Application Penetration Testing
Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team. Job Title: Web Application Penetration Testing Location: Chantilly, VA. Position Overview:
- We are seeking an experienced and results-driven Penetration Tester to support them in performing comprehensive web application security assessments as part of the Web Application Penetration Testing opportunity.
- The ideal candidate will have a deep understanding of web application security, vulnerability assessment, and threat exploitation methodologies. This role requires a professional who can think like an attacker, assess systems holistically, and provide actionable insights that enhance the security posture of critical government systems.
Key Responsibilities:
- Conduct web application, API, and network penetration tests to identify and validate security vulnerabilities.
- Perform grey-box and black-box testing following NIST SP 800-115 and OWASP Testing Framework methodologies.
- Evaluate authentication mechanisms, session management, access controls, and data handling practices for security flaws.
- Execute vulnerability exploitation and proof-of-concept validation to demonstrate real-world risk impact.
- Document findings with technical precision and provide clear remediation recommendations to stakeholders.
- Collaborate with internal security engineers and client teams to verify vulnerability fixes and perform retesting.
- Prepare and deliver comprehensive technical and executive-level reports that align with the COV Information Security Standard (SEC530).
- Support secure configuration reviews and compliance with applicable state and federal cybersecurity standards.
Required Minimum Qualifications:
- Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field (or equivalent experience).
- Preferably 7 years of experience in penetration testing or ethical hacking, with a strong focus on web applications and APIs.
- In-depth knowledge of web technologies, networking protocols, authentication systems, and encryption standards.
- Strong understanding of secure development practices (SDLC) and common vulnerabilities (OWASP Top 10).
- Excellent analytical, documentation, and communication skills.
Preferred Certifications:
- CEH (Certified Ethical Hacker) - Required.
- OSCP (Offensive Security Certified Professional) - Preferred.
- CompTIA Security / CySA / GPEN / GWAPT - Desirable.
Desired Attributes:
- Critical thinkers with the ability to simulate real-world attacks creatively and effectively.
- Detail-oriented with strong problem-solving and analytical skills.
- Proactive, self-motivated, and able to manage multiple testing assignments.
- Collaborative and professional, with the ability to work effectively in client-facing environments.
- Strong commitment to confidentiality, ethical standards, and data security compliance.
Ampcus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.