ResponsibilitiesLead and execute technical engagements, including scoping, technical security testing, analysis, reporting, and client presentations.Perform penetration tests across the following domains:Web, Mobile, and Desktop ApplicationsIT Infrastructure and Network EnvironmentsActive Directory and Hybrid Identity (AD / Entra ID)Cloud Platforms (Azure, AWS, GCP, M365)Full‑Spectrum Red Team and Adversary Simulation operationsDesign and deliver adversary simulations:Develop realistic, intelligence‑led attack scenarios grounded in actual threat‑actor TTPs.Craft phishing and social engineering campaigns.Bypass modern defensive controls (EDR/XDR, MFA) using low‑noise techniques.Develop or adapt custom tooling for delivery, evasion, and C2.Support Purple Team exercises to improve client detection and response capabilities.Drive Research & Development:Become a recognised expert in one or more domains (Active Directory, cloud‑native environments, web browsers, OT/ICS, containers, hardware, etc.).Research and responsibly disclose previously undiscovered vulnerabilities (0‑days).Publish research through blog posts, whitepapers, CVEs, or conference talks.Develop novel attack techniques applicable to real‑world Red Team engagements.Contribute to the business and the team:Support pre‑sales by capturing client needs and translating them into commercial proposals.Mentor and guide junior consultants through projects and skill development.Maintain an up‑to‑date knowledge base across core information security domains.Communicate complex attacker behaviour clearly and accurately to both technical and non‑technical stakeholders.QualificationsMust have:4‑5 years of proven experience in Penetration Testing or Red Team Operations.Experience leading or delivering Red Team and/or adversary simulation engagements in complex enterprise environments.Deep understanding of Active Directory, hybrid identity, and cloud attack surfaces.Hands‑on experience developing or adapting TTPs beyond standard frameworks.Demonstrated ability to research abuse paths, misconfigurations, or novel vulnerabilities.Strong written and verbal communication skills; ability to write a compelling attack narrative and present findings to a CISO or technical audience.Comfortable acting as a trusted technical advisor to clients and stakeholders.Strong teamwork abilities.Native proficiency in French or Dutch, with excellent verbal and written knowledge of English.In possession of a valid driving license (category B).Eligible and prepared to obtain NATO security clearance.Nice to have:Experience emulating specific real‑world threat actors (APT groups, ransomware operators).Hands‑on vulnerability research or PoC development leading to CVEs or public disclosure.Contributions to open‑source tooling, public research, or conference presentations (DEF CON, Black Hat, BruCon, etc.).Familiarity with regulated‑sector testing frameworks (TIBER‑EU, DORA, CBEST, GBEST).Relevant certifications (CRTO, CRTE, OSED, OSEP, CCRTS, or equivalent).Candidate ProfileNaturally curious; reads threat intel reports and follows OffSec research for fun.Motivated by real‑world impact, not engagement count.Comfortable with ambiguity and complex environments.Low‑ego collaborator who challenges ideas constructively.Committed to continuous learning and raising the bar for those around you.Flexible and willing to travel for limited periods if required.BenefitsContract of unlimited duration.Annual bonus.Lunch vouchers.Forfaitary compensation for professional costs.Company car or mobility budget.Hospitalisation insurance and ambulant care at premium level.Group and disability insurance.Possibility to order a lease bike.31 days of holiday plus seniority days.Data and voice subscription + contribution for a smartphone device.Contribution for internet at home.Contribution for IT equipment.Private use of NTT laptop.Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category.
#J-18808-Ljbffr