Penetration tester
Job Description
We are looking for an experienced Penetration Tester (m/f/x) with a broad skillset who can perform the following assessments:
- Internal & External Infrastructure Penetration Tests
- Web Application Penetration Tests
- Red Team Assessments
- Social Engineering Assessments
- Optional: Physical Penetration Tests
- Optional: Mobile Application Penetration Tests
- Any other custom offensive security projects requested by our clients.
You will report the findings of these assessments (potential exploitation, risks, and consequences) through a pentest/red team report, along with recommendations for remediation. You can explain these to both technical and non-technical audiences. Depending on the type of project, you will work independently or in a team.
Between projects, you will dedicate time to research or work on setting up and improving infrastructure and custom tools that can be used in future assessments. Additionally, you will regularly share insights and security research on the dedicated red team blog.
A day in the life of a Penetration Tester at spotit
Your morning kicks off with an external infrastructure test for a new client. As you explore their systems, you uncover vulnerabilities, documenting your findings for the final report. Before lunch, you switch gears to a web application test, zeroing in on a potential exploit in the authentication flow.
In the afternoon, it’s time for a red team assessment. Collaborating with your team, you simulate real-world attacks, testing the client’s detection and response capabilities. Later, you meet with another client to present findings from a recent project, explaining technical risks and actionable fixes in clear terms.
Wrapping up the day, you focus on research—tweaking a custom tool or preparing a new post for spotit’s red team blog. Every day is unique, blending technical challenges, collaboration, and the opportunity to make a tangible impact.
Curious what else a Penetration Tester does at spotit? Check out this presentation by Keanu (Offensive Security Lead), talking about 'the almost perfect phish'.
Your Profile
- You hold a Bachelor's or Master's degree in an ICT-related field or have equivalent experience.
- You have several years of experience as a penetration tester and are eager to deepen your expertise.
- You possess in-depth knowledge of networks, operating systems, and web applications.
- You understand that penetration testing is more than just running automated scanners and point-and-click exploits. You rely on your knowledge, methodology, and out-of-the-box thinking to create added value.
- You are flexible in your working methods and not dependent on a few tools. You understand how the tools and scripts you use work under the hood and can adapt them as needed.
- Certifications related to penetration testing (OSCP, OCEP, eCPPTv2, eCPTX, PNPT, GPEN, CRTE, CARTE, etc.) are a plus, but not essential if technical knowledge can be demonstrated through other means.
- You have strong communication skills and can clearly explain the risks and consequences of vulnerabilities.
- Besides identifying and exploiting vulnerabilities, you can also clearly describe what clients can do to resolve and prevent these issues in the future.
- You can express yourself fluently in both spoken and written Dutch and English.
- Extra plus if you're experienced in social engineering and/or web application pentests.
"Every day is a new puzzle—finding the cracks before the bad guys do is what makes this job exciting!" - Reda, Penetration Tester
Offer
- A challenging role within a dynamic scale-up organization. Spotit has been around for 10 years and has a global customer base in 80 countries.
- We value a healthy work-life balance, which is ensured through flexible working hours and remote working options.
- We offer a competitive salary and an IT-worthy package of benefits (representative company car with fuel card, hospitalization insurance, group insurance, mobile phone subscription, meal vouchers, eco-vouchers, etc.).
- Dedicated training time to invest in your professional development.
- Spotit is open to various collaboration options (permanent contract or freelancer).
- You will join a dedicated and collegial team of professionals. Every Friday at 16:00, we have Beer O'Clock, along with regular team events to celebrate our successes.
- Department: Offensive security
- Role: Penetration tester
- Locations: Herk-de-Stad, Merelbeke
- Remote status: Hybrid Remote
About spotit
Spotit builds and manages cybersecurity and network strategies for companies. Thanks to strong focus and in-depth expertise, spotit has grown into the largest independent Managed Security Services Provider in Belgium. Today, 100+ experts provide high-quality services to more than 175 companies.