Back to search
Atos Linkedin · Posted 24d ago

Cybersecurity Offensive Specialist Senior

Brussels

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Nature of Services


This mission aims to strengthen the IT security posture of a European institution by delivering advanced monitoring, detection, and incident response capabilities. The Cybersecurity Offensive Specialist will play a key role in proactively identifying vulnerabilities, security misconfigurations, and weaknesses in system and application design, contributing to a more resilient and secure environment.

The role requires strong technical expertise in penetration testing across Windows environments, applications, and infrastructures, combined with a broad understanding of cybersecurity principles and offensive security methodologies.

Working closely within the Security Operations Center (SOC), the specialist will collaborate with defensive teams to share threat intelligence, validate security controls, and address identified weaknesses. The position combines hands-on penetration testing and vulnerability assessment with purple-team collaboration, supporting the continuous improvement of the organization’s overall cybersecurity maturity.


Description of Tasks


The external service provider will perform the following tasks:

1. Conduct Penetration Tests

  • Perform comprehensive penetration tests on on-premise Windows/Linux systems and infrastructures, identifying vulnerabilities and providing actionable mitigation recommendations.
  • Conduct web application penetration testing to identify vulnerabilities in web applications and APIs.
  • Perform network penetration testing to identify weaknesses in network devices, protocols, and architectures.

2. Collaborate with the SOC Team

  • Design, refine, and validate cybersecurity detection use cases.
  • Develop and implement threat hunting strategies to proactively identify threats and vulnerabilities.
  • Participate in regular coordination meetings to align on security initiatives and share knowledge.
  • Support incident response activities with offensive security expertise.

3. Tactical Simulations and Adversary Emulation

  • Use Atomic Red Team for tactical simulations replicating real-world attack scenarios.
  • Use MITRE Caldera for automated adversary emulation and advanced threat simulations.
  • Leverage offensive security tools such as Metasploit and Burp Suite for penetration testing and assessments.

4. Perform Cloud Penetration Testing

  • Conduct cloud penetration testing, with a strong focus on AWS environments.
  • Assess other cloud platforms such as Microsoft Azure and Google Cloud Platform where required.
  • Identify vulnerabilities across storage, compute, and database services.

5. Reporting and Communication

  • Prepare detailed technical and executive reports on findings and recommendations.
  • Maintain documentation of methodologies, tools, and testing results.
  • Communicate complex technical concepts clearly to technical and non-technical stakeholders.

6. Stay Up-to-Date with Industry Developments

  • Monitor the latest cybersecurity trends, attack techniques, and tooling.
  • Participate in conferences, online communities, and industry forums.
  • Research and assess new offensive security tools for integration into workflows.

7. Vulnerability Management

  • Identify, assess, and prioritize vulnerabilities based on business and technical risk.

8. Knowledge Sharing and Training

  • Provide training and mentoring on penetration testing methodologies, tools, and techniques.
  • Share expertise with SOC and other teams to improve response capabilities.
  • Deliver workshops and presentations on cybersecurity best practices, threat intelligence, and emerging threats.


Specific Knowledge, Skills and Expertise

Technical Tooling Requirements

  • Active Directory: BloodHound, Kerberos attacks, delegation attacks, SCCM, DPAPI, MSSQL, domain trust exploitation.
  • Command & Control: Cobalt Strike, Mythic, Metasploit, Sliver, Covenant, Empire.
  • Payload Generation: Donut, Shellter, MacroPack, ShellcodePack.
  • Binary Exploitation: Stack/heap overflows, kernel exploitation, type confusion, format string vulnerabilities, ROP, SEH overwrite, Egghunter shellcode, multistage shellcode, ARM exploitation, browser sandbox escapes.
  • Reverse Engineering: IDA Pro, Ghidra, x64dbg, Immunity Debugger, GDB, PEDA, GEF, pwndbg, pwntools, BinDiff, WinDBG.
  • Fuzzing: Sulley, BooFuzz, AFL, WinAFL, Honggfuzz, DynamoRIO, Frida, Scapy.
  • Network Attacks: Nmap, Unicornscan, Masscan, Loki, Ettercap, Bettercap, Cain.
  • Tactical Simulation: MITRE Caldera, Atomic Red Team.
  • AI Security
  • Mobile Security: Experience with one-click and zero-click RCE exploitation on mobile devices.

Programming & Automation

  • Strong scripting and automation capabilities in PowerShell, Python, Ruby, and Bash.
  • Strong understanding of network protocols, encryption techniques, and endpoint security solutions.

Experience

  • Proven track record in successful penetration testing projects, including cloud-based assessments.
  • Experience working within or alongside a SOC, particularly in developing and testing detection use cases.
  • Experience conducting offensive operations in classified environments.
  • Experience with physical penetration testing.
  • Experience working within EU institutions is highly desirable.
  • Experience organizing workshops, training sessions, and technical talks.


Certifications

Relevant certifications are highly desirable, including:

OSCP, ECES, GWAPT, CRTO/CRTL, GMOB, GPEN, GCPN, GXPN, CCSP.

Mandatory certifications:

  • GXPN
  • GMOB

Non-Technical Skills

Given the international and collaborative nature of the environment, candidates should demonstrate:

  • Ability to integrate quickly into an international and multicultural environment.
  • Strong team collaboration and self-starting capabilities.
  • Ability to participate effectively in multilingual meetings.
  • Ability to manage multiple large-scale projects simultaneously.
  • Ability to establish trusted relationships with stakeholders and partner organizations.
  • Excellent teamwork and interpersonal skills.
  • High degree of discretion, confidentiality, and integrity.

Ideal Candidate Profile

  • Strong English communication and collaboration skills.
  • Excellent analytical and problem-solving capabilities, with strong attention to detail.
  • Teaching or mentoring experience is considered an asset, particularly for knowledge transfer and team enablement.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent