Penetration Tester – Web, Cloud & Network Security
Netherlands (Hybrid/Remote possible)
Full-time / Permanent or Freelance
We are looking for a Penetration Tester with 2–3 years of hands-on experience to join our cybersecurity team. In this role, you will focus on assessing and exploiting vulnerabilities across web applications, cloud environments, and network infrastructures. You’ll be part of a growing security team with the flexibility to work remotely or from our offices in the Netherlands.
You will help strengthen our clients' security posture by conducting ethical hacking engagements, providing actionable findings, and working alongside blue teams to improve defenses.
Perform penetration tests and security assessments on:
Web applications (OWASP Top 10, business logic flaws)
Cloud environments (AWS, Azure, GCP)
Internal and external networks
Document vulnerabilities, exploits, and findings with clear technical and business impact
Collaborate with DevOps, Cloud, and Infrastructure teams to advise on remediation steps
Contribute to red/purple team exercises if required
Stay up to date with emerging threats, vulnerabilities, and tools
Participate in post-engagement debriefs with technical and non-technical stakeholders
2–3 years of hands-on penetration testing experience
Solid understanding of web application security (e.g. XSS, SQLi, SSRF, IDOR, etc.)
Experience testing cloud platforms (AWS, Azure, or GCP)
Good grasp of networking concepts (TCP/IP, DNS, firewall, VPN, VLANs)
Familiarity with tools like Burp Suite, Nmap, Metasploit, Nikto, Gobuster, Wireshark, etc.
Basic scripting knowledge in Python, Bash, or PowerShell
Ability to write clear, concise, and professional reports
Comfortable working independently or as part of a distributed team
Certifications such as OSCP, eJPT, CRTP, PNPT, or CEH
Exposure to DevSecOps or CI/CD pipeline testing
Experience with Active Directory exploitation
Dutch language skills (not mandatory)