Required Security Clearance : NATO SECRET
SCOPE OF WORK The Senior Penetration Tester will operate under the guidance of the Team Lead in the Penetration Testing Section, conducting comprehensive penetration testing and security assessments across NATO networks and systems. Key activities include:
Perform web, infrastructure, and application-level penetration testing, covering COTS and NOTS/GOTS software.
Participate in kick‑off meetings with stakeholders to identify testing requirements.
Follow documented procedures, workflows, and best‑practice methodologies defined by technical leads.
Attend team meetings and collaborate with internal and external stakeholders as required.
Write technical reports in fluent English, adhering to defined templates and reporting tools.
Brief both executive and technical audiences, including flag‑officer level, on security findings and outcomes.
If new vulnerabilities are discovered in COTS software, initiate the Responsible Disclosure Process and coordinate follow‑up with vendors.
Coordinate proactively with the Technical Lead to ensure collaboration across the testing team.
Stay current with technological developments relevant to penetration testing.
Perform additional duties as may be required.
SKILL, KNOWLEDGE & EXPERIENCE Mandatory Experience and Education
Bachelor of Science in a technical subject with substantial IT content and at least 3 years post‑related experience; alternatively, at least 10 years of progressive experience in the relevant duties may compensate for no degree.
At least 3 years of extensive experience in web application penetration testing.
At least 3 years of extensive experience in IT infrastructure penetration testing.
At least 3 years of experience in network security architecture design.
At least 3 years of experience in assessing security vulnerabilities within operating systems, software, protocols, and networks.
At least 3 years of experience in researching and evaluating security products and technologies.
Knowledge of UNIX and Windows system and network administration.
At least 3 years of experience using recognized penetration testing tools, techniques, and methodologies.
Proficiency in Python, Go, PowerShell, or shell scripting (bash, ksh, csh).
Technical knowledge of system and network security, authentication and security protocols, cryptography, application security, and malware protection.
Ability to evaluate risks and formulate mitigation plans.
Proven capability to brief senior executives on security findings.
Proven ability to write clear, structured technical reports for diverse audiences.
Desirable Experience and Education Professional certifications: OSCP, OSCE, OSWE, GPEN, CREST Certified Web Application Tester, GXPN, GWAPT, or equivalent.
Familiarity with risk analysis methodologies.
Experience working in an international environment with military and civilian components.
Knowledge of NATO organization, internal structure, and relationships.
Language Proficiency Fluency in one of the two official NATO languages (written and spoken); knowledge of the other language is desirable. Most work is conducted in English.
Contract Type This is a Deliverables‑based contract.
#J-18808-Ljbffr