
General Information

Company
Deloitte
Business Unit
Technology & Transformation
Location
Zaventem
Area of Interest
Technology
Industry Focus
Industry Agnostic
Recruiter
Govaerts, Julie - jugovaerts@deloitte.com

Position Description

Your journey with us

As a medior penetration tester, you’ll be responsible for delivering high-quality web application security assessments. You’ll work on a range of technical environments, supporting senior consultants, collaborating with clients, and mentoring junior colleagues. You have a solid understanding of offensive security and are passionate about identifying and exploiting vulnerabilities in complex applications.

Your key responsibilities are:
  • Perform manual and automated penetration tests on web applications, APIs, and related infrastructure.
  • Identify, exploit, and document security vulnerabilities in accordance with OWASP, NIST, and other standards.
  • Develop custom exploits or proof-of-concept code where applicable.
  • Analyze and present assessment results clearly to technical and non-technical stakeholders.
  • Write concise, actionable, and technically accurate reports and recommendations.
  • Collaborate with red team or infrastructure testing teams on hybrid assessments.
  • Contribute to the continuous improvement of tools, methodologies, and internal documentation.
  • Support junior team members through peer review and mentoring.
  • Stay current with the latest attack techniques, tooling, and security advisories.
  • Participate in client meetings, kick-offs, and debriefings.

Let’s Talk About You

  • 3–6 years of hands-on experience in web application penetration testing.
  • Familiarity with offensive security methodologies and common vulnerability classes (e.g., OWASP Top 10, SSRF, RCE, deserialization, logic flaws).
  • Solid experience with manual testing and tools such as Burp Suite, OWASP ZAP, Postman, Nmap, etc.
  • Comfortable with scripting (Python, Bash, etc.) for automation and exploitation.
  • Strong understanding of HTTP(S), authentication mechanisms, session handling, input validation, etc.
  • Experience in reviewing source code or conducting white-box assessments is a plus.
  • Familiarity with cloud services (AWS, Azure, GCP) and associated security models is a plus.
  • Able to communicate clearly in English (spoken and written); other languages a plus.
  • Holding or pursuing certifications such as OSCP, eWPT, GWAPT, OSEP (OSWE or OSED is a plus).
  • Eligible to work in Belgium; security clearance may be required depending on project.

Nice to haves:
  • Participation in bug bounty programs or public CTFs.
  • Familiarity with CI/CD security and DevSecOps principles.
  • Experience with API security, especially REST.
  • Experience with GraphQL.
  • Experience working with clients in regulated industries (finance, healthcare, etc.).
  • Experience in testing mobile applications on both iOS and Android, including reverse engineering and mobile-specific attack vectors.

Everybody’s talking about it. Every organisation in every sector is concerned by it. At Deloitte, we’re shaping strategies and transforming technology to minimise Cyber Risk for organisations, and we need you to join us. You’ll build strong relationships within the Belgian Cyber practice with over 100 highly talented individuals. Our team brings together people who graduated in everything from Law and Maths to Computer Science, Cyber Security and Information Management. You will help clients prevent cyber attacks and advise them on how to protect their most valuable assets.

Cyber Defense & Resilience is part of the Cyber team.