Work with the best pentesters and become senior ethical hacker & technical lead of our pentesting team
Location The Hague/Zwolle – at least 32 hours per week
One of the main goals within NFIR is to increase the resilience of organizations. To get an accurate picture of technical resilience, they can have a penetration test performed by us. As a senior ethical hacker, your goal is to uncover vulnerabilities and report on them in detail so they can be fixed before unauthorized people take advantage of them. IT security has never been more important and you get to put it to the test for a variety of interesting clients. All this you do not do alone, but together with a team of experienced, creative and skilled pentesters. Do you see yourself filling this role already? Then read on quickly.
Job Description
As technical lead, you will be responsible for the successful execution of a pentest project, and you will collaborate with and provide direction to the team working on the pentest assignment. The projects you lead and execute are very diverse in nature. Such a project may consist of testing an IT infrastructure, web application, API or mobile application with different attack scenarios. The work also includes testing SCADA systems (OT), performing code reviews, walk-ins, and setting up phishing simulations. At NFIR you will come across all of it, so there is plenty of diversity and challenge!
During an intake interview with a potential client, you and a sales colleague map out the client’s requirements. Based on this, you will make a calculation of hours and draw up a quotation together with the sales colleague. The quote confirms the discussed scope, attack scenarios and hours. When the client agrees with the quotation and the indemnification statement you will work together with the project coordinator and keep in (technical) contact with the client during the execution of the pen test. Your technical knowledge and experience will be used to perform the pen test in collaboration with one or more pen testers. You then prepare a report of the resulting findings. As technical lead, you are ultimately responsible for the content and quality of the reporting. After the delivery of the report, you and your sales colleague provide an explanation to the client during a meeting.
Because you work with both colleagues and external parties, you are able to think along in improving the working methods and processes within the pen testing department. Your role as technical lead also gives you the opportunity to be part of our Computer Emergency Response Team. Your skills can therefore also be actively used during IT security incidents to work with digital forensic investigators to determine the cause of an incident. Is this challenge for you? If so, read the job requirements below and find out what kind of organization you will be joining!
Function requirements
- Giving up is not an option for you, no technical challenge is too big for you;
- Creativity is in your genes: if you can't get in on the left, you try the right;
- Experience with Linux, Windows, OS X and mobile operating systems such as iOS and Android;
- You are proficient with various tools that make your work easier, such as Kali Linux, Nessus, Metasploit;
- You are a pro at conducting OSINT research;
- You are flexible and open to new attack approaches and new tools, and you can turn feedback from colleagues into new energy to make our pentest service even better;
- You are familiar with international pen testing standards and recognize their importance;
- You are used to preparing reports and opinions;
- Communication skills: you can explain to a non-technical customer what vulnerabilities have been found and what the possible impact could be;
- Education & Certifications: relevant HBO/WO education and at least OSCP certification (or similar);
- Relevant work experience in a similar role;
- At least 32 hours a week;
- OSWE certification is a plus;
- Participating in the CERT picket duty is a plus;
- Given the work, a corps heritage approval is required.
Work in a vibrant and professional team
When you join NFIR, you will join a young and energetic team composed of diverse backgrounds and areas of expertise. NFIR is a fast growing Dutch company where the passion for IT-Security is huge, but the drive to help clients is even bigger. Even in an era of working from home, that energy is palpable and new colleagues quickly feel in place. We want you to have a great time but also to develop personally. We offer plenty of training opportunities and we promise you; no day will be the same at NFIR. At NFIR, you will work in a professional and informal environment. All employees have Chief of Police approval, we hold a POB license and have ISO27001 certification. Our clients are served by the very best IT Security specialists who work competently and procedurally. A team of specialists that you can be a part of. In addition to hard work, there is also time for relaxation and fun team outings. Do you still have doubts? Read our attractive terms of employment below.
Terms of employment
NFIR maintains a competitive salary, based on completed education, certifications and experience. The secondary employment conditions are also very well organized (lease car, telephone, laptop, pension, profit-sharing scheme and various training opportunities). In addition to this, we also operate an attractive picket service scheme.
Got excited about this vacancy? Then send your CV and cover letter to Dennis Slier at vacatures@nfir.nl. For questions about this vacancy you can of course also contact us first.
* Acquisition in response to this vacancy is not appreciated.