Requirement: Penetration Tester
Location: Mons, BELGIUM
Full Time On-Site: Yes
Time On-Site: 100%
Not to Exceed Rate: 103 EUR
Total Scope of the request (hours): 1460
Required Start Date: 23 February 2026
Required Security Clearance: NATO SECRET
Please do NOT
apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.
Duties & Role:
The duties of the individual mainly focus on:
Skill, Knowledge & Experience:
The duties of the individual mainly focus on:
- Lead and/or be part of the Red/Blue Team during NATO military exercises;
- Provide Web, infrastructure and application level penetration testing;
- Provide security design reviews to ensure compliance with NATO policies and directives;
- Provide security consultancy and advice to projects, plans, and other entities;
- Build and sustain effective communications with different stakeholders; specifically, the NCIA Configuration Control Board, Security Accreditation Boards, NATO Security Accreditation Authorities, and NCI Agency organization units supporting accreditation processes.
- Brief at both executive and technical levels on security reports and testing outcome, including at flag officer level;
- In co-ordination with the Head of the Penetration testing Cell, ensure proactive collaboration and coordination with internal and external stakeholders.
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance
- Extensive knowledge and experience (more than 3 years) in web application penetration testing;
- Extensive knowledge and experience (more than 3 years) in IT infrastructure penetration testing;
- Extensive knowledge and experience (more than 3 years) network security architecture design;
- Extensive knowledge and experience (more than 3 years) in assessing security vulnerabilities within OS, software, protocols & networks;
- Extensive knowledge and experience (more than 3 years) in researching and evaluating security products & technologies;
- Knowledge in system and network administration of UNIX and Windows systems;
- Extensive knowledge and experience (more than 3 years) in use of penetration testing tools, techniques, and recognized testing methodologies;
- Scripting skills in at least one of the following: Perl, Python, Ruby, shell (bash, ksh, csh);
- Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies.
- Ability to evaluate risks and formulate mitigation plans;
- Proven ability to write clear and structured technical reports including executive summary, technical findings and remediation plan for several different audiences.