4-5 years of proven experience in Penetration Testing/Red Team Operations.
Proven experience leading or delivering Red Team and/or adversary simulation engagements in complex enterprise environments
Deep understanding of Active Directory, hybrid identity, and cloud attack surfaces
Senior Penetration Tester/Red Team Operator at Nttlimited
Hands-on experience developing or adapting TTPs beyond what standard frameworks provide out of the box
Demonstrated ability to research abuse paths, misconfigurations, or novel vulnerabilities
Strong written and verbal communication skills, this means you can write a compelling attack narrative and present findings to a CISO without losing either audience (technical or non-technical)
Comfortable acting as a trusted technical advisor to clients and stakeholders
Strong teamwork abilities
Native proficiency in French or Dutch, with excellent verbal and written knowledge of English
Experience emulating specific real-world threat actors (APT groups, ransomware operators)
Hands-on vulnerability research or PoC development leading to CVEs or public disclosure
Contributions to open-source tooling, public research, or conference presentations (DEF CON, Black Hat, BruCon, ...)
Familiarity with regulated-sector testing frameworks (TIBER-EU, DORA, CBEST, GBEST)
Relevant certifications (CRTO, CRTE, OSED, OSEP, CCRTS or equivalent), very valued but not a prerequisite
Naturally curious, you read threat intel reports for fun and follow OffSec research because you want to
Motivated by real-world impact, not engagement count
Comfortable with ambiguity and complex environments
A low-ego collaborator who challenges ideas constructively
Committed to continuous learning and raising the bar for those around you
Flexible and you have a willingness to travel for limited periods if required
In possession of a valid driving license (category B) is required
You are eligibl
Benefits
Flexible schedule
Additional Information
Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion - it's a place where you can grow, belong and thrive.
As our Technology Consulting Services department continues to expand, we are seeking a Senior Penetration Tester/Red Team Operator to join our team.
This is a hybrid role (PT/RT) for someone who thinks like an adversary, learns and follows real-world threat actors, and cares about the quality and relevance of every engagement they touch.
You will lead and execute technical security assessments across a broad range of environments and dedicate a meaningful portion of your time to Research & Development (R&D) , developing new tooling, novel attack techniques, and advancing your own areas of deep expertise.
This is not a checkbox testing role. Our clients engage us because they want to understand how a real attacker would operate against them. Your job is to make that simulation credible, contextual, and genuinely useful to defenders.
Job Description
After an initial onboarding into NTT Data methodologies and client environments, you will be expected to:
Lead and execute technical engagements, including scoping, technical security testing, analysis, reporting, and client presentations, across:
Web, Mobile, and Desktop Applications Penetration Tests
IT Infrastructure and Network environments Penetration Tests
Active Directory and hybrid identity (AD / Entra ID) Penetration Tests
Cloud platforms (Azure, AWS, GCP, M365) Penetration Tests
Full-spectrum Red Team and Adversary Simulation operations
Design and deliver adversary simulation, including:
Developing realistic, intelligence-led attack scenarios grounded in actual threat actor TTPs
Crafting phishing and social engineering campaigns
Bypassing modern defensive controls (EDR/XDR, MFA) using low-noise techniques
Developing or adapting custom tooling for delivery, evasion, and C2
Supporting Purple Team exercises to directly improve client detection and response capabilities
Drive Research & Development, including:
Becoming a recognised expert in one or more domains of your choosing (Active Directory, cloud-native environments, web browsers, OT/ICS, containers, hardware, etc.)
Researching and responsibly disclosing previously undiscovered vulnerabilities (0-days)
Publishing research through blog posts, whitepapers, CVEs, or conference talks
Developing novel attack techniques applicable to real-world Red Team engagements
Contribute to the business and the team, including:
Supporting pre-sales by capturing client needs and translating them into commercial proposals
Mentoring and guiding junior consultants through projects and skill development
Maintaining a broad, up-to-date knowledge base across core information security domains
Communicating complex attacker behaviour clearly and accurately to both technical and non-technical stakeholders
Here's what we are looking for in candidates
Nttlimited · Diegem, Belgium