Senior Penetration Tester H/F/X

Description de l'entreprise

Ambitious, Reliable, Flexible, Fast & Fun: those are our 5 core values we want you to remember us by. Brainbridge was founded in 1998 as a small independent company but with a great vision. Since then, Brainbridge has grown out to be a strong and reliable ally for all your flexible staffing and IT business continuity challenges. Brainbridge staffing divisions offer both IT and Engineering staffing solutions as well as contractor payroll management on a permanent or temporary base. It's our goal to be the highest rated talent sourcing partner for every client and professional in these domains. Throughout the years we built long lasting relationships where Brainbridge made a difference. We thrive for the absolute match, technically and personally, for both parties. Due to our flexible and innovative processes, Brainbridge always finds the perfect solution for your specific sourcing need.

Description de la fonction

We are looking for a Senior Penetration Tester to execute high-impact security assessments across infrastructure, applications, cloud and critical operational technologies. The goal is to perform threat-led penetration testing aligned with DORA TLTP, identify vulnerabilities in complex environments, validate technical and business controls, and support the organization in strengthening its cyber resilience. In this role, you will apply deep offensive security expertise across IT and OT, while working closely with technical teams and stakeholders.
 
Responsibilities

• Conduct infrastructure, application, cloud, and OT/ICS penetration tests in line with DORA TLTP, using white-box, grey-box, and black-box approaches for internal and external attack scenarios.
• Perform full-spectrum testing including discovery, enumeration, vulnerability mapping, exploitation, privilege escalation, lateral movement, network-based testing, and (when authorized) DoS or host-based techniques.
• Assess Windows, Linux, Solaris, enterprise networks, cloud environments (Azure), APIs, microservices, ESB/API-gateway architectures, databases, and proprietary systems.
• Evaluate the security of SCADA/HMI systems and industrial protocols (BACnet, Modbus, OPC UA, Profinet, MQTT) across critical infrastructure.
• Validate technical and business controls, including anti-fraud measures, and deliver regulator-ready reports aligned with DORA. Collaborate with stakeholders, support remediation, and advise on improving architecture, segmentation, identity models, and secure development practices.

Requirements

• 10+ years experience in infrastructure & application pentesting, plus 5+ years in critical infrastructure (ICS/SCADA/OT).
• Expertise in network technologies (Ethernet, Wi-Fi, Fibre Channel, Bluetooth), authentication (Kerberos, NTLM, LDAP, SAML, OAuth, OpenID Connect), encryption, PKI, and defense-in-depth architecture across hybrid/cloud topologies.
• Strong skills in application testing: web apps, APIs, microservices, fat clients, middleware (ESB, API-gateway), and secure development patterns (.NET, Java).
• Deep knowledge of Azure cloud security, hybrid connectivity, identity, segmentation, microservices, and interoperability.
• Proficient in Python, Bash, PowerShell and advanced pentest tooling (Nmap, Burp Suite, Nessus, Metasploit, Wireshark).
• Experience with threat-led testing frameworks, especially DORA TLTP, including reporting to regulatory standards.
• Assets: reverse engineering (OSEE-level or similar), malware development, red teaming, EDR evasion, custom C2 development.
• Analytical, independent, communicative, discreet, and collaborative mindset.
• Languages: English, French, and Dutch.

 

Compétences linguistiques

• Anglais (atout)

  • Comprendre : Expérimenté - (C1)
  • Écrire : Expérimenté - (C1)
  • Lire : Expérimenté - (C1)
  • Parler : Expérimenté - (C1)

Envie d'en apprendre davantage sur ce métier ou sur un métier proche de celui-ci ? Parcourez toutes les informations utiles sur Panorama des métiers. Panorama des métiers