C002544 Penetration Tester (NS) - TUE 21 Mar RELAUNCH

Deadline Date: Tuesday 21 March 2023

Requirement: Penetration Tester

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

NATO Grade: A/100

Total Scope of the request (hours): 1254

Required Start Date: 17 April 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Duties and Role:

The duties of the individual mainly focus on:

• Lead and/or be part of the Red/Blue Team during NATO military exercises;
• Provide Web, infrastructure and application level penetration testing;
• Provide security design reviews to ensure compliance with NATO policies and directives;
• Provide security consultancy and advice to projects, plans, and other entities;
• Build and sustain effective communications with different stakeholders; specifically, the NCIA Configuration Control Board, Security Accreditation Boards, NATO Security Accreditation Authorities, and NCI Agency organization units supporting accreditation processes.
• Brief at both executive and technical levels on security reports and testing outcome, including at flag officer level;
• In co-ordination with the Head of the Penetration testing Cell, ensure proactive collaboration and coordination with internal and external stakeholders.

Requirements

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance

The required skillset for the contracted individual is extensive knowledge and experience (more than 3 years) in the following areas:

• Web application penetration testing;
• IT infrastructure penetration testing;
• Network security architecture design;
• Assessing security vulnerabilities within OS, software, protocols & networks;
• Researching and evaluating security products & technologies;
• Knowledge in system and network administration of UNIX and Windows systems;
• Use of penetration testing tools, techniques, and recognized testing methodologies;
• Scripting skills in at least one of the following: Perl, Python, Ruby, shell (bash, ksh, csh);
• Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies;
• Ability to evaluate risks and formulate mitigation plans;
• Proven ability to write clear and structured technical reports including executive summary, technical findings and remediation plan for several different audiences.