Penetration Tester

Penetration Tester – NATO Project (Brussels | Hybrid | SC Clearance)

Start Date: August 22nd 2025

Initial Contract: Until December 31, 2025 (Possible option for 2026 + option for 2027 + option for 2028)

Clearance: MUST Hold Current an active UK SC or NATO clearance

Rate: €600-€620 per day

Outside IR35

Please be aware, this role will require you to be 80% of the time onsite. 4 or 5 days a week in Mons, Belgium.

NATO is committed to ensuring the security and defence of its member nations through collaborative efforts and innovative solutions. The organization fosters a culture of inclusivity, teamwork, and respect for diversity.

ABOUT THE ROLE

The Penetration Tester will be responsible for providing comprehensive penetration testing services for web, infrastructure, and application levels, ensuring compliance with NATO policies and directives.

WHAT WILL YOU DO?

• Provide Web, infrastructure and application level penetration testing, including but not limited to COTS software, following clearly defined methodologies.
• Participate in kick-off meetings with stakeholders and technical points of contact in order to identify requirements for testing.
• Follow the documented procedures and workflows outlined by the technical leads.
• Write technical reports in fluent English, following defined templates and Reporting Tools.
• Brief at both executive and technical levels on security reports and testing outcome, including at flag officer level.
• Provide security design reviews to ensure compliance with NATO policies and directives.
• Stay abreast of technological developments relevant to the area of work.
• Participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via digital means using conference call capabilities.
• For each sprint, report the outcome of his/her work during the sprint, development achievements during the sprint.
• At the end of the project, provide a Project Closure Report that is summarizing the activities during the period of performance at high level.

WHAT DO YOU NEED TO BE SUCCESFUL?

• Extensive knowledge and experience (at least 3 years) in the following areas:
• Web application penetration testing
• IT infrastructure penetration testing
• Network security architecture design
• Assessing security vulnerabilities within OS, software, protocols & networks
• Researching and evaluating security products & technologies
• Knowledge in system and network administration of UNIX and Windows systems
• Use of penetration testing tools, techniques, and recognized testing methodologies
• Scripting skills in at least one of the following: Python, Go, PowerShell, shell (bash, ksh, csh)
• Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies.
• Ability to evaluate risks, formulate reports and mitigation plans.
• NICE TO HAVE, BUT NOT ESSENTIAL?
• Bachelor of Science (BSc) degree in IT and 3 years post-related experience.
• Professional qualifications: OSCP, OSCE, OSWE, GPEN, CREST Certified Web Application Tester, GXPN, GWAPT or equivalent
• Familiarity with risk analysis methodologies.
• Prior experience of working in an international environment comprising both military and civilian elements.
• Experience of Agile work
• Knowledge of NATO organization, internal structure and resultant relationships.