We are looking for a highly experienced Senior Penetration Tester with expertise in both infrastructure and application security testing. You’ll work on diverse penetration testing assignments, from Windows/Linux systems and APIs to microservices, cloud, and ICS/SCADA environments. Your mission: identify vulnerabilities, detect design flaws, and validate both technical and business controls in complex and critical infrastructures.
This is a senior role for a trusted professional who thrives on challenging environments and brings deep expertise across offensive security, cloud, and secure application development.
What You’ll Do
- Perform penetration testing on infrastructure, applications, and APIs, covering on-prem, cloud, and hybrid environments.
- Execute scenarios in white-box, grey-box, and black-box modes (internal and external perspectives).
- Assess Windows, Linux, Solaris, and cloud systems (Microsoft stack, hybrid topologies).
- Evaluate microservices, enterprise service bus architectures, APIs, and middleware.
- Pen test proprietary and industrial systems, including ICS and SCADA.
- Identify vulnerabilities, design flaws, and business process weaknesses (e.g. fraud prevention measures).
- Apply a broad range of techniques: from cautious reconnaissance to aggressive exploitation, always within approved scope.
- Document and report findings in a clear, professional way, with actionable remediation advice.
- Collaborate with security, architecture, and development teams to raise overall cyber resilience.
What are we looking for?
- 10+ years of experience in penetration testing / red teaming (banking or critical infrastructure preferred).
- 5+ years of experience in testing critical infrastructures (ICS/SCADA, proprietary protocols).
- Strong expertise in:
- Network technologies & protocols (Ethernet, Wi-Fi, Bluetooth, Fibre Channel).
- Authentication and encryption mechanisms.
- Cloud architecture & security (Azure, hybrid topologies, interconnectivity).
- Secure application development and programming (Java, .NET, scripting in Python, Bash, PowerShell).
- Reverse engineering, malware analysis, evasion techniques.
- Database systems (SQL Server, Oracle), middleware (application servers, ESBs, ETL).
- Defence-in-depth security principles.
Experienced in network and host-based testing, API testing, and microservices.
Familiar with red teaming, custom C2, and EDR evasion techniques (major plus).
Languages
- Dutch – Full professional proficiency
- English – Full professional proficiency
- French – Full professional proficiency
Certifications & Security Clearance
- OSEE or similar certification (advanced binary exploitation & reverse engineering) is a major plus.
- NATO or equivalent security clearance is an advantage.
What do we offer?
Location: Brussels (hybrid)
Start date: 1 February 2026
End date: 31 January 2027 (12 months, full-time)
Daily rate: 1200
Contract: Freelance or Permanent
)
