We are looking for a penetration tester. Most of the work is in or around Brussels. Some of the work will have to be done remotely. Employee or subcontractor.
You'll get a lot of opportunities to hack stuff. Actually, you'll be trying to break stuff most of your working time. Except when you are writing reports. Or trying to make stuff work, before you can start breaking it. Most of the work are web application tests, but other stuff as well, from hardware hacking to custom client-server applications.
Obviously, you get a salary, and other perks, such as a laptop, cell phone, a paid Internet connection at home, hospitalisation insurance, etc. Pay and benefits are discussable, so if, for example, you always dreamt of getting your bonuses in cream toffees, that can be arranged.
We are looking for penetration testers with a broad knowledge in IT security domain, but if you happen to specialise in some area this is ok as well. For web application penetration testers we are looking for:
- Security. Uhm, I don't know exactly how to describe it. You know and love security. If you are asked what XSS is, you can talk for half an hour. You can exploit an SQL injection where automated tools fail (okay, at least sometimes). You can explain why an invalid SSL certificate on a server is a bad thing.
- Human interface. You can write a report that people won't mind reading. You can talk to people and explain security to them. You can think about security in terms of business impact. You can speak and write in English (uhm, and read and listen too). Dutch and French in addition to English are also welcome.
- Certificates. Nice to have.
For more network-oriented penetration testers we are looking for:
- Excellent knowledge of networking - link level, TCP/IP, application level. You know how to capture network traffic and you know what to do with it once you captured it. Experience in system/network administration is a plus.
- Familiarity with Windows and Unix/Linux. You can use them, you can install and configure them, you understand the security models.
- Programming. You can script. Perl, python, ruby, shell, whatever you like. The more the better. At least you should be able to read and fix Perl/shell scripts.
Also, if you are good in Java and willing to help with development of MagicTree, it is a plus. If you don't know what is MagicTree, it is a minus.
Looks good? Send your CV to firstname.lastname@example.org with [Job] in the subject.