Web Application Penetration Tester
Back to JobsDeloitte Get Smart Job AI Coach in the appFree on iOS and Android 



Web Application Penetration Tester
Location
Zaventem
Experience
Mid
Posted
Jul 15, 2026
Apply by
August 14, 2026
Applicants
0
Early applicantEasy applyFull-timeHybrid
Job Description
Can’t wait to make an impact on the world? You’re not alone. Join us in driving progress in the working world and beyond. Your journey with usAs a medior penetration tester, you’ll be responsible for delivering high-quality web application security assessments. You’ll work on a range of technical environments, supporting senior consultants, collaborating with clients, and mentoring junior colleagues. You have a solid understanding of offensive security and are passionate about identifying and exploiting vulnerabilities in complex applications. Your key responsibilities are:Perform manual and automated penetration tests on web applications, APIs, and related infrastructure.Identify, exploit, and document security vulnerabilities in accordance with OWASP, NIST, and other standards.Develop custom exploits or proof-of-concept code where applicable.Analyze and present assessment results clearly to technical and non-technical stakeholders.Write concise, actionable, and technically accurate reports and recommendations.Collaborate with red team or infrastructure testing teams on hybrid assessments.Contribute to the continuous improvement of tools, methodologies, and internal documentation.Support junior team members through peer review and mentoring.Stay current with the latest attack techniques, tooling, and security advisories.Participate in client meetings, kick-offs, and debriefings. Let’s Talk About You 3–6 years of hands-on experience in web application penetration testing. Familiarity with offensive security methodologies and common vulnerability classes (e.g., OWASP Top 10, SSRF, RCE, deserialization, logic flaws). Solid experience with manual testing and tools such as Burp Suite, OWASP ZAP, Postman, Nmap, etc. Comfortable with scripting (Python, Bash, etc.) for automation and exploitation. Strong understanding of HTTP(S), authentication mechanisms, session handling, input validation, etc. Experience in reviewing source code or conducting white-box assessments is a plus. Familiarity with cloud services (AWS, Azure, GCP) and associated security models is a plus. Able to communicate clearly in Dutch + English (spoken and written); other languages a plus. Hold or pursuing certifications such as OSCP, eWPT, GWAPT, OSEP (OSWE or OSED is a plus). Eligible to work in Belgium; security clearance may be required depending on project. Nice to haves: Participation in bug bounty programs or public CTFs. Familiarity with CI/CD security and DevSecOps principles. Experience with API security, especially REST. Experience with GraphQL. Experience working with clients in regulated industries (finance, healthcare, etc.). Experience in testing mobile applications on both iOS and Android, including reverse engineering and mobile-specific attack vectors. Our story Everybody’s talking about it. Every organisation in every sector is concerned by it. At Deloitte, we’re shaping strategies and transforming technology to minimise Cyber Risk for organisations, and we need you to join us. You’ll build strong relationships within the Belgian Cyber practice with over 100 highly talented individuals. Our team brings together people who graduated in everything from Law, Maths, Computer Science, Cyber Security and Information Management within one team. You will help clients prevent cyber attacks and advise them on how to protect their most valuable assets Cyber Defense & Resilience is part of the Cyber team. Who is Deloitte? We provide industry-leading audit and assurance, tax and legal, consulting and related services. We are committed to driving innovation across offerings to help our clients address their challenges, while giving our professionals opportunities to learn and grow in this era of transformation. In Belgium, +5000 dedicated professionals active in +10 offices, take great pride in bringing multidisciplinary expertise to a wide variety of clients, from national and international companies, small, fast-growing and large organizations to public institutions and governmental authorities. Why Deloitte? Be the true you! We foster diversity and inclusion and encourage you to bring your authentic self to work. Explore, question and collaborate while building a career that inspires and energises you. Never stop growing! Diversity of thought makes us stronger. At Deloitte, we tailor a personalized learning experience, offering you the opportunity to grow at your own pace and achieve maximum impact. We practice what we preach! As a Purpose-led organisation, at the heart of everything we do is a set of timeless principles and unifying values. Life looks different for each of us, so we created a varied benefits package that you can tap into: My Benefits My Choice, a flexible rewards plan tailored to your lifestyle and priorities Sustainable transport options offered by Mobility@Deloitte Flexible work arrangements for all and initiatives supported by Parents & Caregivers @Deloitte Wellbeing tips and activities powered by Energise@Deloitte Topped off with other health benefits and insurance opportunities Empowering our employees with flexible work arrangements remains essential in today's reality: Hybrid workplace: combination of home office and on-site (+10 offices in Belgium or client's premises). Part-time employment: all our jobs are open to full-time or part-time work under a 90% or 80% regime. Join us to make an impact together! Apply now! #LI-JG1
Key Responsibilities
- Perform manual and automated penetration tests on web applications, APIs, and related infrastructure.
- Identify, exploit, and document security vulnerabilities in accordance with OWASP, NIST, and other standards.
- Develop custom exploits or proof-of-concept code where applicable.
- Analyze and present assessment results clearly to technical and non-technical stakeholders.
- Write concise, actionable, and technically accurate reports and recommendations.
- Collaborate with red team or infrastructure testing teams on hybrid assessments.
- Contribute to the continuous improvement of tools, methodologies, and internal documentation.
- Support junior team members through peer review and mentoring.
- Stay current with the latest attack techniques, tooling, and security advisories.
- Participate in client meetings, kick-offs, and debriefings.
Skills Required
Web application penetration testingBurp SuiteOWASP ZAPPostmanNmapPythonBashHTTP(S)Authentication mechanismsSession handlingInput validationOWASP Top 10SSRFRCEDeserializationLogic flawsCommunicationMentoringCollaborationAttention to detailSource code reviewWhite-box assessmentsAWSAzureGCPCI/CD securityDevSecOpsRESTGraphQLiOSAndroidReverse engineeringDutch language proficiency
Benefits
- Flexible rewards plan
- Sustainable transport options
- Flexible work arrangements
- Wellbeing tips and activities
- Health benefits and insurance opportunities
App exclusive · Free
Smart Job AI Coach
Your personal interview coach on every job — readiness tips, profile improvements, and role-specific prep. Available only in the Pulse Job app.
Interview readiness
See how prepared you are and what to improve for each role.
Personalized tips
Actionable suggestions based on your profile and the job.
After you apply
Keep coaching momentum from job detail through application success.
Similar roles for you
Matched using this role's title and skills. Open the job search anytime to see every listing.
Senior Associate - Cyber Security (Pentest)
PwC
Full-timeWork from Office
HanoiSenior
Senior Web Developer
Absolute Information Technologies Inc
$130,000–$160,000 / Year
Full-timeEasy applyHybrid
Buffalo2 applicants

iOS Engineer Semi Senior
Encora
Full-timeEasy applyHybrid
PeruMid

Tech Lead - Android Experience Engineering
Watu Credit
Full-timeEasy applyWork from Office
NairobiSenior

Software Engineer Trainee (iOS)
Delivery Hero
ContractEasy applyHybrid
SingaporeEntry

Software Engineer Trainee (Android)
Delivery Hero
ContractEasy applyHybrid
SingaporeEntry