Offensive Security Certified Expert



Join the Team as Offensive Security Certified Expert (European Commission)

Location: Brussels, Belgium (Hybrid)

Client: European Commission


About the Client

The Client provides high quality corporate solutions/information systems for the fight against fraud, enabling the successful implementation of EU policies and the Commission's Digital Transformation.

Amongst the solutions provided there is a set of anti-fraud applications built and operated by one of the Client's Units on a common technical infrastructure, whose aim is the timely and secure exchange of fraud-related information between the competent authorities in the Member States, EU Institutions, International Organizations and other partners external to the EU.


Your Role

As an Offensive Security Certified Expert, these are the main tasks that you'll be responsible for:

  • Perform a white-box penetration test of the AFIS application, using full access to source code, documentation, system configuration, and user accounts with varying privilege levels.
  • Design and execute authenticated attack scenarios for multiple predefined user roles, focusing on privilege escalation, horizontal access abuse, and misuse of authenticated functionalities.
  • Apply a structured penetration testing methodology, based on PTES (Penetration Testing Execution Standard) or an equivalent industry-accepted approach, ensuring completeness and repeatability of the test process.
  • Conduct all tests in alignment with the OWASP Testing Checklist, covering the required categories such as authentication, authorization, session management, input validation, error handling, and business logic testing.
  • Analyze identified vulnerabilities, exploitation paths, and systemic weaknesses, and evaluate their impact, likelihood, and relevance to the AFIS security posture.
  • Document all findings in a comprehensive PDF report, including technical descriptions, reproduction steps, risk severity ratings, affected components, and recommended remediation actions.
  • Provide guidance to the AFIS team on remediation approaches, mitigation strategies, and secure alternatives for high-risk issues.


What You'll Bring

Technical Skills:

  • Strong experience in offensive security testing of Web Applications and Infrastructure technologies on a relevant technology stack (Java, Linux, Oracle/Postgres)
  • Deep understanding of penetration testing methodologies such as PTES, OWASP Testing Guide, NIST SP , and ISSAF.
  • Extensive knowledge of OWASP Top 10, OWASP ASVS, CWE, and common vulnerability classes.
  • Knowledge of secure software development practices and common coding pitfalls.
  • Knowledge of network protocols, encryption, TLS, certificates, and secure communication patterns.
  • Strong understanding of application data flows, business logic, and trust boundaries.
  • Expertise in exploit development concepts, payload crafting, and evasion techniques (where applicable in a white-box context).
  • Knowledge of logging and monitoring mechanisms, audit trails, and security-relevant events.
  • Good knowledge of Java, Spring Boot, React, Python
  • Knowledge of identity and access management technologies affecting authenticated scenarios.
  • Experience with issue tracking platforms, specifically GitLab, for accurate defect reporting.
  • Understanding of the AFIS application architecture (once documentation is provided).
  • Ability to perform white-box testing, including code-assisted analysis and configuration review.
  • Expertise in authenticated testing, including session manipulation, impersonation, and privilege escalation attempts.
  • Skills in dynamic analysis, static analysis, and manual testing techniques.
  • Proficiency in using penetration testing tools, such as:
      o Burp Suite Pro
      o OWASP ZAP
      o Postman / API testing tools
      o Browser DevTools
      o Source code review tools (static analyzers when available)
  • Ability to create and execute realistic attack chains based on combined vulnerabilities.

Education & Certifications:

  • Master's degree in a related field
  • Offensive Security Certified Professional (OSCP)

Languages:

  • Excellent knowledge of English and French - Level C1/C2
  • Good knowledge of Dutch - Level B1 (asset)

Soft Skills:

  • Autonomous
  • Strong organisational and time-management skills.
  • Excellent verbal communication.
  • Attention to detail.
  • Good problem-solving skills


What's in It for You?

  • You will have the opportunity to work in an international and multi-cultural environment
  • You will be able to work on interesting European projects that are managed by the European Commission
  • Whether you're applying as a freelancer or looking for an employee contract, we offer attractive compensation and benefits packages, tailored to your experience level


Ready to Join?

If you're excited to work in a role where you'll grow professionally and make an impact from day one, we'd love to hear from you.


Who We Are - NTT DATA

NTT DATA - a part of NTT Group - is a trusted global innovator of IT and business services headquartered in Tokyo. We help clients transform through consulting, industry solutions, business process services, IT modernization and managed services. NTT DATA enables clients, as well as society, to move confidently into the digital future. We are committed to our clients' long-term success and combine global reach with local client attention to serve them in over 50 countries. Visit us
