[5102] Security Testing Specialist (TSEC)
Location: Luxembourg, Onsite
Requirements: Hybrid model – at least 2 days per week on-site
Estimated Hours per Profile: 660
Start Date: As defined in the service request (tentatively Q2 2025)
Working Hours: 8 hours/day, 5 days/week
Language: English (working language), French is an asset
Responsibilities
The Security Testing Specialist will be responsible for:
• Planning and conducting security assessments and penetration tests.
• Executing and automating vulnerability scans and reporting.
• Analysing risks and performing root-cause analysis for detected vulnerabilities.
• Supporting the secure development lifecycle by identifying security flaws early.
• Generating test plans, scripts, and final reports with clear, actionable findings.
• Contributing to security architecture evaluations and compliance testing.
Technical Skills and Tools
Mandatory:
• Penetration testing tools: Burp Suite, OWASP ZAP, Metasploit, etc.
• Scripting: Python, Bash, PowerShell
• Vulnerability scanners: Nessus, Qualys, OpenVAS
• OS knowledge: Linux and Windows
• Web and API security: REST, SOAP, JSON, XML
• Understanding of OWASP Top 10, Secure SDLC, DevSecOps
Desirable:
• Knowledge of cloud security controls (Azure, AWS, GCP)
• Experience with SIEMs and log analysis
• Familiarity with compliance frameworks: ISO 27001, NIST, CIS
Qualifications and Experience
• Minimum 5 years of experience in cybersecurity testing
• University degree in IT, engineering, or equivalent experience
• Certifications such as OSCP, CEH, GIAC, CISSP are advantageous
• Strong reporting and documentation skills in English
• Experience in European Institutions or large public-sector IT environments is a plus
Deliverables
• Security testing strategy and test cases
• Periodic penetration testing reports
• Security gap analysis and remediation guidance
• Scripts for test automation and log analysis
• Documentation of findings and evidence in line with EU IT standards
Evaluation Metrics
• Timeliness and completeness of deliverables
• Accuracy and severity classification of vulnerabilities
• Quality and clarity of documentation
• Adherence to applicable security and compliance standards
• Responsiveness and collaboration with internal teams

