Penetration Tester

Penetration Tester (Freelance)

We are seeking a proactive and highly skilled Penetration Tester to identify and exploit security weaknesses before they can be leveraged by adversaries. This role is essential for validating the technical defenses of a large-scale project and providing clear, actionable remediation paths.

Project Overview

• Role:Penetration Tester
• Type: Freelance / Contractor
• Duration: Long-term project
• Start Date: July 2026
• Capacity: 3 days per week
• Location: Onsite in Belgium or Luxembourg (EU Nationality Required)

Role Scope & Responsibilities

As the Lead Penetration Tester, you will act as an ethical adversary to rigorously test the resilience of ICT systems and infrastructure.

• Active Penetration Testing: Lead and execute end-to-end penetration tests across web applications, network infrastructure, and cloud environments.
• Vulnerability Management: Perform comprehensive vulnerability assessments to identify, categorize, and prioritize security flaws.
• Authority Support: Act as the technical lead and liaison for security scans requested or conducted by competent national or EU authorities.
• Exploitation & Validation: Safely demonstrate the impact of discovered vulnerabilities through controlled exploitation to justify remediation efforts.
• Remediation Advisory: Work closely with development and infrastructure teams to provide technical guidance on fixing identified security gaps.

Key Deliverables

1. Vulnerability Assessment Results Report: A high-level overview of discovered flaws, including CVSS scoring and automated tool outputs.
2. Penetration Testing Report: A detailed, narrative-driven report including executive summaries, technical exploit chains, and specific remediation steps.

Required Qualifications & Skills

Mandatory Requirements:

• Experience: Proven track record in conducting network and application-level penetration tests in complex, high-security environments.

Relevant Certifications (minimum one):

• ISACA CSX-P (Cybersecurity Audit Certificate Program)
• CompTIA Security+
• OffSec certifications (OSCP, OSEP) or SANS GIAC (GPEN, GXPN) are highly desirable.

Technical & Soft Skills:

• Expertise with industry-standard tools (Metasploit, Burp Suite, Nmap, Kali Linux).
• Strong understanding of web protocols, scripting (Python/Bash), and operating system internals.
• Ability to explain complex technical vulnerabilities to non-technical stakeholders in terms of business risk.