Penetration Tester (Freelance)
We are seeking a proactive and highly skilled Penetration Tester to identify and exploit security weaknesses before they can be leveraged by adversaries. This role is essential for validating the technical defenses of a large-scale project and providing clear, actionable remediation paths.
Project Overview
* Role: Penetration Tester
* Type: Freelance / Contractor
* Duration: Long-term project
* Start Date: July 2026
* Capacity: 3 days per week
* Location: Onsite in Belgium or Luxembourg (EU Nationality Required)
Role Scope & Responsibilities
As the Lead Penetration Tester, you will act as an ethical adversary to rigorously test the resilience of ICT systems and infrastructure.
* Active Penetration Testing: Lead and execute end-to-end penetration tests across web applications, network infrastructure, and cloud environments.
* Vulnerability Management: Perform comprehensive vulnerability assessments to identify, categorize, and prioritize security flaws.
* Authority Support: Act as the technical lead and liaison for security scans requested or conducted by competent national or EU authorities.
* Exploitation & Validation: Safely demonstrate the impact of discovered vulnerabilities through controlled exploitation to justify remediation efforts.
* Remediation Advisory: Work closely with development and infrastructure teams to provide technical guidance on fixing identified security gaps.
Key Deliverables
* Vulnerability Assessment Results Report: A high-level overview of discovered flaws, including CVSS scoring and automated tool outputs.
* Penetration Testing Report: A detailed, narrative-driven report including executive summaries, technical exploit chains, and specific remediation steps.
Required Qualifications & Skills
Mandatory Requirements:
* Experience: Proven track record in conducting network and application-level penetration tests in complex, high-security environments.
Relevant Certifications (minimum one):
* ISACA CSX-P (Cybersecurity Audit Certificate Program)
* CompTIA Security+
* OffSec certifications (OSCP, OSEP) or SANS GIAC (GPEN, GXPN) are highly desirable.
Technical & Soft Skills:
* Expertise with industry-standard tools (Metasploit, Burp Suite, Nmap, Kali Linux).
* Strong understanding of web protocols, scripting (Python/Bash), and operating system internals.
* Ability to explain complex technical vulnerabilities to non-technical stakeholders in terms of business risk.