Penetration Tester

Job Description:

We are seeking a skilled Penetration Tester to join our team in Amsterdam. The ideal candidate will have 6-8 years of experience in conducting comprehensive penetration tests on internal and external network infrastructures, web applications, and mobile platforms. You will play a crucial role in identifying security vulnerabilities and collaborating with development and IT teams to enhance our security posture.

Key Responsibilities:

• Perform thorough penetration testing on internal and external networks, web applications, and mobile platforms.
• Identify, document, and report security vulnerabilities with actionable remediation recommendations.
• Simulate real-world cyberattacks to assess the effectiveness of existing security measures.
• Collaborate with development and IT teams to advise on secure coding practices and system hardening.
• Maintain detailed records of testing activities, including methodologies, findings, and recommendations.
• Stay updated with emerging security threats, trends, tools, and methodologies.
• Assist in developing and executing security protocols, policies, and incident response strategies.
• Provide post-assessment support and help prioritize remediation activities.
• Support threat modeling efforts to identify potential vulnerabilities before deployment.
• Ensure alignment with company security policies, standards, and best practices to meet strategic, operational, and compliance objectives.

Essential Qualifications:

• 6-8 years of experience in penetration testing, focusing on infrastructure and application security.
• Experience in security testing cloud services and API-based technologies (e.g., IaaS, PaaS, SaaS, FaaS).
• Industry-recognized certifications such as OSCP, OSCE, CREST, QSTM, SANS/GIAC, CRTP, CRTO, or equivalent.
• Strong understanding of security standards and compliance requirements (e.g., NIST, OWASP, PCI-DSS, GDPR, CIS Benchmarks, UK NCSC guidelines).
• Knowledge of the MITRE ATT&CK Framework, including tactics, techniques, and procedures used by various APTs.
• Experience in adversary simulation scenarios, including Red Teaming and Purple Teaming exercises.
• Proficiency with tools such as Cobalt Strike, Caldera, Atomic Red Team, Pentera, Nessus, Burp Suite, OSINT, etc.
• Understanding of Artificial Intelligence and Machine Learning in the context of penetration testing.
• Familiarity with programming languages and the ability to analyze code.
• Experience with various testing standards and methodologies (e.g., OWASP, OSSTM, PTES).
• Excellent reporting skills, with a focus on identifying high-risk issues and proposing effective mitigation strategies.

Desirable Skills:

• Strong analytical thinking and problem-solving abilities.
• Excellent written and verbal communication skills.
• Eagerness to learn and grow professionally.
• High attention to detail and commitment to quality.
• Ability to work effectively in cross-functional teams using agile methodologies.
• A proactive approach to identifying and addressing security challenges.