Web Application Pentester

General Information

Press space or enter keys to toggle section visibility

Company Deloitte Business Unit Technology & Transformation Primary Location Zaventem Field of interest Technology Industry Focus Industry Agnostic Recruiter Govaerts, Julie - jugovaerts@deloitte.com

Description of the position

Press space or enter keys to toggle section visibility

Can’t wait to make an impact on the world? You’re not alone. Join us in driving progress in the working world and beyond.
Your journey with us

As a medior penetration tester, you’ll be responsible for delivering high-quality web application security assessments. You’ll work on a range of technical environments, supporting senior consultants, collaborating with clients, and mentoring junior colleagues. You have a solid understanding of offensive security and are passionate about identifying and exploiting vulnerabilities in complex applications.

Your key responsibilities are:

• Perform manual and automated penetration tests on web applications, APIs, and related infrastructure.
• Identify, exploit, and document security vulnerabilities in accordance with OWASP, NIST, and other standards.
• Develop custom exploits or proof-of-concept code where applicable.
• Analyze and present assessment results clearly to technical and non-technical stakeholders.
• Write concise, actionable, and technically accurate reports and recommendations.
• Collaborate with red team or infrastructure testing teams on hybrid assessments.
• Contribute to the continuous improvement of tools, methodologies, and internal documentation.
• Support junior team members through peer review and mentoring.
• Stay current with the latest attack techniques, tooling, and security advisories.
• Participate in client meetings, kick-offs, and debriefings.

Let’s Talk About You

• 3–6 years of hands-on experience in web application penetration testing.
• Familiarity with offensive security methodologies and common vulnerability classes (e.g., OWASP Top 10, SSRF, RCE, deserialization, logic flaws).
• Solid experience with manual testing and tools such as Burp Suite, OWASP ZAP, Postman, Nmap, etc.
• Comfortable with scripting (Python, Bash, etc.) for automation and exploitation.
• Strong understanding of HTTP(S), authentication mechanisms, session handling, input validation, etc.
• Experience in reviewing source code or conducting white-box assessments is a plus.
• Familiarity with cloud services (AWS, Azure, GCP) and associated security models is a plus.
• Able to communicate clearly in English (spoken and written); other languages a plus.
• Hold or pursuing certifications such as OSCP, eWPT, GWAPT, OSEP (OSWE or OSED is a plus).
• Eligible to work in Belgium; security clearance may be required depending on project.

Nice to haves:

• Participation in bug bounty programs or public CTFs.
• Familiarity with CI/CD security and DevSecOps principles.
• Experience with API security, especially REST.
• Experience with GraphQL.
• Experience working with clients in regulated industries (finance, healthcare, etc.).
• Experience in testing mobile applications on both iOS and Android, including reverse engineering and mobile-specific attack vectors.

Our story Everybody’s talking about it. Every organisation in every sector is concerned by it. At Deloitte, we’re shaping strategies and transforming technology to minimise Cyber Risk for organisations, and we need you to join us. You’ll build strong relationships within the Belgian Cyber practice with over 100 highly talented individuals. Our team brings together people who graduated in everything from Law, Maths, Computer Science, Cyber Security and Information Management within one team. You will help clients prevent cyber attacks and advise them on how to protect their most valuable assets
Cyber Defense & Resilience is part of the Cyber team.
Who is Deloitte?
We provide industry-leading audit and assurance, tax and legal, consulting and related services. We are committed to driving innovation across offerings to help our clients address their challenges, while giving our professionals opportunities to learn and grow in this era of transformation.
In Belgium, +5000 dedicated professionals active in +10 offices, take great pride in bringing multidisciplinary expertise to a wide variety of clients, from national and international companies, small, fast-growing and large organizations to public institutions and governmental authorities. 
Why Deloitte?
Be the true you! We foster diversity and inclusion and encourage you to bring your authentic self to work. Explore, question and collaborate while building a career that inspires and energises you.
Never stop growing!Diversity of thought makes us stronger. At Deloitte, we tailor a personalized learning experience, offering you the opportunity to grow at your own pace and achieve maximum impact.
We practice what we preach! As a Purpose-led organisation, at the heart of everything we do is a set of timeless principles and unifying values.

Life looks different for each of us, so we created a varied benefits package that you can tap into:

• My Benefits My Choice, a flexible rewards plan tailored to your lifestyle and priorities
• Sustainable transport options offered by Mobility@Deloitte
• Flexible work arrangements for all and initiatives supported by Parents@Deloitte
• Wellbeing tips and activities powered by Energise@Deloitte
• Topped off with other health benefits and insurance opportunities

Empowering our employees with flexible work arrangements remains essential in today's reality:

• Hybrid workplace: combination of home office and on-site (+10 offices in Belgium or client's premises).
• Part-time employment: all our jobs are open to part-time work under a 90% or 80% regime.

Join us to make an impact together! Apply now!