Previously proposed candidates were non-compliant for the following reason: The profile does not demonstrate clear, independently verifiable experience aligning with the minimum requirement of 3 years in hands-on penetration testing.

Deadline Date: Friday 11 April 2025

Requirement: Penetration Tester

Location: Mons, BE 

Full Time On-Site: Yes

Time On-Site: 100%

Total Scope of the request (hours): 836

Required Start Date: 26 May 2025

End Contract Date: 31 December 2025

Required Security Clearance: NATO SECRET

Specific Working Conditions:   Normal Office Conditions. No travel is foreseen for this position. Post is required to be on site in Mons full time.

Duties and Role

• Lead and/or be part of the Red/Blue Team during NATO military exercises;
• Provide Web, infrastructure and application level penetration testing;
• Provide security design reviews to ensure compliance with NATO policies and directives;
• Provide security consultancy and advice to projects, plans, and other entities;
• Build and sustain effective communications with different stakeholders; specifically, the NCIA Configuration Control Board, Security Accreditation Boards, NATO Security Accreditation
• Authorities, and NCI Agency organization units supporting accreditation processes.
• Brief at both executive and technical levels on security reports and testing outcome, including at flag officer level;
• In co-ordination with the Head of the Penetration testing Cell, ensure proactive collaboration and coordination with internal and external stakeholders.

The required skillset for the contracted individual is extensive knowledge and experience (more than 3 years) in the following areas:

• Web application penetration testing;
• IT infrastructure penetration testing;
• Network security architecture design;
• Assessing security vulnerabilities within OS, software, protocols & networks;
• Researching and evaluating security products & technologies;
• Knowledge in system and network administration of UNIX and Windows systems;
• Use of penetration testing tools, techniques, and recognized testing methodologies;
• Scripting skills in at least one of the following: Perl, Python, Ruby, shell (bash, ksh, csh);
• Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies;
• Ability to evaluate risks and formulate mitigation plans;
• Proven ability to write clear and structured technical reports including executive summary, technical findings and remediation plan for several different audiences.
• NATO SECRET security clearance