Penetration Tester / Security Engineer (m/f)

ARHS Group, part of Accenture, is looking for a Penetration Tester / Security Engineer (m/f) to join our Security Team in Luxembourg.

If you enjoy identifying vulnerabilities, assessing application and infrastructure security, and staying up to date with the latest attack techniques, we'd be happy to meet you. You'll work on a variety of security projects while collaborating with experienced security professionals in an international environment.

THE WORK:

• Perform automated and manual penetration testing of web and mobile applications, as well as cloud and on-premises infrastructures.
• Contribute to the continuous improvement of secure software development practices and promote security throughout the development lifecycle.
• Identify security weaknesses and propose mitigation strategies or secure architectural improvements.
• Analyze customer security requirements and recommend appropriate technical solutions.
• Evaluate and improve penetration testing methodologies and security processes.
• Prepare clear and concise technical reports with findings and recommendations.
• Collaborate with developers and security engineers to improve the overall security posture of applications and infrastructures.
• Share knowledge, contribute to team learning, and drive continuous improvement initiatives.

Our roles require in-person time to encourage collaboration, learning, and relationship-building with colleagues and communities. As an employer, we will be as flexible as possible to support your specific work/life needs.

HERE'S WHAT YOU'LL NEED:

• Master's degree in Computer Science, Information Security, or a related field is preferred.
• Minimum 2 years of experience in penetration testing or application security.
• Experience performing internal penetration tests and/or participating in Red Team exercises.
• Good knowledge of penetration testing tools such as Burp Suite Professional, Nmap, Metasploit, Nessus, and Kali Linux.
• Good understanding of:
• OWASP Top 10
• MITRE ATT&CK
• DevSecOps and Secure SDLC principles
• OSI/TCP networking concepts
• Cloud security principles (AWS/Azure)
  • Familiarity with one or more programming or scripting languages such as Java, C/C++, PHP, or Python.
  • Strong analytical, problem-solving, and communication skills.
  • Curiosity, creativity, and willingness to continuously learn new technologies and attack techniques.
  • Experience working in Agile environments.
  • Fluency in English (written and spoken).

BONUS POINTS IF YOU HAVE:

• Experience developing custom exploits or participating in bug bounty platforms such as HackerOne, Hack The Box, or TryHackMe.
• Previous experience as a software developer.
• One or more of the following certifications:
• OSCP
• OSWE
• eCPPTv2
• CHFI
• GIAC GPEN
• AWS Certified Security – Specialty
• Azure Security Engineer Associate