Penetration Tester

🔵 Capitole keeps growing and we want to do it with you!

We are looking for an experienced external Senior Penetration Tester Consultant, to support the Cybersecurity & IT team within the company. The external consultant operates independently and provides specialised expertise in assessing, identifying, and remediating vulnerabilities across internal, external, and cloud infrastructure, ensuring company’s cybersecurity posture meets the highest standards.

Scope of Work

• Provide senior-level penetration testing and cybersecurity advisory support to the IT/Cybersecurity team (non‑hierarchical, advisory only).
• Conduct independent annual penetration tests across internal networks, external-facing infrastructure, and cloud platforms (Azure, AWS, IBM).
• Identify and evaluate potential attack vectors, misconfigurations, and vulnerabilities, with attention to high-risk systems and sensitive data.
• Develop actionable recommendations and mitigation strategies aligned with company’s security objectives.
• Perform optional ad-hoc assessments on restricted scopes as needed throughout the year.
• Facilitate review sessions and workshops with stakeholders, providing guidance on detection gaps and security improvements.
• Deliver reports and executive summaries in English suitable for both technical teams and senior leadership.

Deliverables

• Documented findings for internal, external, and cloud penetration tests.
• Detailed XLSX report including list of findings, recommendations, severity, and CVSSv4 scoring.
• PDF reports with technical details and an “Executive Summary” for senior management and partners.
• Recommendations for security controls, configuration improvements, and risk mitigation.
• Optional “re-assessment” or retest reports as agreed.
• Knowledge transfer and guidance for internal cybersecurity personnel.

Required Expertise

• Proven experience in penetration testing across internal networks, external infrastructure, and cloud environments.
• Deep knowledge of security assessment methodologies, vulnerability analysis, and attack simulation (Purple Team approach preferred).
• Experience working independently in a complex international environment.
• Strong stakeholder communication skills and ability to translate technical findings for executive audiences.
• Relevant security certifications (e.g., OSCP, CISSP, CEH) highly desirable.
• Consultant nationality must be from a NATO member country, EU/EEA/EFTA, Ukraine, or select Indo-Pacific NATO partners (Australia, Japan, South Korea, New Zealand).

Model

• Hybrid, with on-site presence required for internal network testing in the “Maison de l’innovation” building (Amsterdam), while external and cloud assessments can be performed remotely.