Penetration Tester

Position: Penetration Tester

Location: Brussels, Belgium

Clearance: NATO Secret active

Certification: OSWE, GWAPT, CRTO OSCP , GIAC GPEN or similar certification.

• Perform Grey Box penetration testing in isolated, non-production environments (pre-prod, development, or equivalent) unless explicit authorization is granted for production access.
• Conduct testing in alignment with the OWASP Application Security Verification Standard (ASVS).
• Assess security controls including authentication, access control, session management, input validation, business logic, API security, cryptography, logging, and configuration/file access.
• Adhere to clearly defined scope boundaries, including approved URLs, APIs, systems, account types, and privilege levels.
• Follow agreed permitted and prohibited testing techniques, with defined escalation and incident reporting procedures.
• Provide a detailed findings report with CVSS scoring for all identified vulnerabilities.
• Include step-by-step proof of concept, supported by screenshots, logs, or payloads as evidence.
• Deliver root cause analysis, business impact assessment, and remediation guidance aligned with OWASP ASVS and secure coding principles.
• Demonstrate proficiency with security testing tools such as Burp Suite, Nmap, SQLMap, and similar industry-standard tools.

Thank you

Rajesh