Job Description

We are looking for an experienced Penetration Tester (m/f/x) with a broad skillset who can perform the following assessments:

• Internal & External Infrastructure Penetration Tests
• Web Application Penetration Tests
• Red Team Assessments
• Social Engineering Assessments
• Optional: Physical Penetration Tests
• Optional: Mobile Application Penetration Tests
• Any other custom offensive security projects requested by our clients.

You will report the findings of these assessments (potential exploitation, risks, and consequences) through a pentest/red team report, along with recommendations for remediation. You can explain these to both technical and non-technical audiences. Depending on the type of project, you will work independently or in a team.

Between projects, you will dedicate time to research or work on setting up and improving infrastructure and custom tools that can be used in future assessments. Additionally, you will regularly share insights and security research on the dedicated red team blog.

Your Profile

• You hold a Bachelor's or Master's degree in an ICT-related field or equivalent experience.
• You have several years of experience as a penetration tester and are eager to deepen your expertise.
• You possess in-depth knowledge of networks, operating systems, and web applications.
• You understand that penetration testing is more than just running automated scanners and point-and-click exploits. You rely on your knowledge, methodology, and out-of-the-box thinking to create added value.
• You are flexible in your working methods and not dependent on a few tools. You understand how the tools and scripts you use work under the hood and can adapt them as needed.
• Certifications related to penetration testing (OSCP, OCEP, eCPPTv2, eCPTX, PNPT, GPEN, CRTE, CARTE, etc.) are a plus, but not essential if technical knowledge can be demonstrated through other means.
• You have strong communication skills and can clearly explain the risks and consequences of vulnerabilities.
• Besides identifying and exploiting vulnerabilities, you can also clearly describe what clients can do to resolve and prevent these issues in the future.
• You can express yourself fluently in both spoken and written Dutch and English.
• Extra plus if you're experienced in social engineering and/or web application pentests.

Offer

• A challenging role within a dynamic scale-up organization. Spotit has been around for 10 years and has a global customer base in 80 countries.
• We value a healthy work-life balance, which is ensured through flexible working hours and remote working options.
• We offer a competitive salary and an IT-worthy package of benefits (representative company car with fuel card, hospitalization insurance, group insurance, mobile phone subscription, meal vouchers, eco-vouchers, etc.).
• Dedicated training time to invest in your professional development.
• Spotit is open to various collaboration options (permanent contract or freelancer).
• You will join a dedicated and collegial team of professionals. Every Friday at 16:00, we have Beer O'Clock, along with regular team events to celebrate our successes.