[6003] Penetration testing service - NPCL Support
Client: NATO (NCIA)
Start date: Negotiable
Clearance: NATO Secret
Location: Mons (Onsite)
Skills:
• Web application penetration testing
• IT infrastructure penetration testing
• Network security architecture design
• Assessing security vulnerabilities within OS, software, protocols & networks
• Researching and evaluating security products & technologies
• Knowledge in system and network administration of UNIX and Windows systems
• Use of penetration testing tools, techniques, and recognized testing methodologies
• Scripting skills in at least one of the following: Python, Go, PowerShell, shell (bash, ksh, csh)
• Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as malware infection techniques and protection technologies
• Ability to evaluate risks and formulate mitigation plans
• Proven ability to brief at executive level on security findings, reports and testing outcome
• Proven ability to write clear and structured technical reports including executive summary, technical findings and remediation plan for several different audiences
• Professional qualifications: OSCP, OSCE, OSWE, GPEN, CREST Certified Web Application Tester, GXPN, GWAPT or equivalent
• Familiarity with risk analysis methodologies
• Prior experience of working in an international environment comprising both military and civilian elements
• Knowledge of NATO organization, internal structure and resultant relationships
Activities:
• Provide Web, infrastructure and application-level penetration testing, including but not limited to COTS software and NOTS/GOTS software (NATO/Government off the Shelf), following clearly defined methodologies
• Participate in kick-off meetings with stakeholders and technical points of contact in order to identify requirements for testing
• Follow the documented procedures and workflows outlined by the technical leads
• Brief at both executive and technical levels on security reports and testing outcome, including at flag officer level
• In case of new vulnerabilities detected for COTS software, follow the Responsible Disclosure Process and follow up with vendors and stakeholders
• In co-ordination with the Technical Lead of the Penetration testing team, ensure proactive collaboration and coordination with internal and external stakeholders

