Job Description

About Northwave

Defending the digital frontier is our mission.

At Northwave, 275 cybersecurity specialists transform how organisations approach digital safety. From our HQ in Utrecht, along with offices in Germany, Sweden, and Belgium.

Northwave combines ethical hacking expertise with behavioral psychology insights and cutting-edge security management at the highest level. We respond to threats and anticipate them, providing 24/7 managed security services and tailored solutions for each client's journey.

By joining Northwave, you’ll become part of an organisation where innovation drives results, whether your talents lie in technical penetration testing or strategic client partnerships. Here, your expertise will grow and help shape the future of digital security across industries, leaving a lasting impact.

Our Red Team

Our Red Team lives for hacking. With challenging penetration tests and red team exercises, we ensure that our clients are optimally protected. We work closely with Northwave's Blue Team, Threat Intelligence, and CERT to make our clients more resilient. We are proud of our role as a TIBER and ART provider and our impact in the Benelux, DACH region, and Nordics.

The Role

As a seasoned Red Team Operator, you will work on clever attack scenarios to test and strengthen our clients. You will train Blue Teams during Purple Teaming workshops and present results to all levels of the organization, from technicians to CEOs. Thanks to our diverse expertise, you will have the opportunity to discover new vulnerabilities and share unique tactics on (inter)national platforms.

How we achieve this

Everything starts with an intake: what are the crown jewels? Together, we develop realistic attack scenarios and document agreements in a Rules of Engagement document. Then we immediately get to work with techniques such as OSINT, malware building, spear phishing, and exploiting vulnerabilities.

Requirements

What we offer

• Competitive salary, paid on the 25th, with annual review and 8% holiday allowance

• Pension through Nationale Nederlanden, Northwave contributes 50%, including partner pension

• 25 vacation days plus all Dutch national holidays

• Generous special leave for marriage, birth, bereavement, care and parental leave

• Lease car based on salary scale (electric welcome), or choose €0.23/km plus 50% of the lease budget as mobility allowance

• MacBook, phone and accessories fully provided

• €200 net annual allowance for flexible and remote working

• Alleo budget for sports, wellness and leisure of your choice

• Learning budget from €700 to €1,200 per year, up to €4,500 for longer programmes

• Referral bonus when you bring in a great new colleague

• Hybrid working from a modern office in Utrecht

• Personal growth through the Role Model and FeedForward cycle, your ambitions and development front and centre

What you bring

• Several years of hands-on experience in penetration testing and/or red teaming
• Proven experience working within the TIBER and/or ART frameworks
• Ability to design realistic attack scenarios that deliver clear business value
• Strong knowledge of modern attacker TTPs and a habit of staying continuously up to date
• Solid experience with Active Directory environments and working knowledge of Entra ID
• Excellent OPSEC skills and sound judgement on when and how to apply pressure during engagements
• Ability to clearly explain complex technical findings to both technical teams and executive stakeholders
• A collaborative mindset and motivation to share knowledge within the Red Team and the wider security community
• A relevant technical background (Bachelor or Master level) and/or certifications such as OSCP, OSEP, CRTO, or willingness to obtain them

Interested in building systems that are used under real pressure, not in theory? Contact Youri Roelofs at youri.roelofs@northwave-cybersecurity.com