Red Teamer/Pentester (m/f/d)

Pwc Luxembourg is hiring a Red Teamer/Pentester Consultant (m/f/d). What if it was you? 

Your mission:

Have you ever wanted to think and operate like a real attacker, but on the right side of the law? Do you want to test the security of critical organisations, in real life? Do you want to join a team where R&D, hands-on work, and knowledge sharing are part of the core values?

As a Junior/Senior Offensive Security Consultant, you will help our clients by emulating real attackers and uncovering weaknesses before they can be exploited in the wild. You will work with leading organisations across Luxembourg and beyond, including Banks, European Institutions, local bodies, and major actors in the financial and operational sectors.

From targeted penetration tests to advanced Red Team operations, you will contribute to engagements that are technically challenging, varied, and meaningful. This is hands-on work, not a role limited to polished presentations and theoretical recommendations. We do not just produce fancy PowerPoint slides. We assess real environments, test realistic attack paths, uncover what truly matters, and help clients strengthen their security posture in a practical way. Whether you are building your experience or already bringing strong offensive capabilities, you will have room to grow, specialise, and make a visible impact.

You will join a team of experienced, dedicated, and passionate professionals who take offensive security seriously. Research, experimentation, knowledge sharing, and continuous progression are part of the day-to-day work here. The next talk, article, tool, or CVE could come from you.

Want to move faster in the process? Solve this mini challenge:

=QSb6hXflJGbqg3ftpCbkpSQNlUSVtFXbVlRTtESVJESGVVTf5lQI9VTVxlK/1GfgpiYzRieglmSrRmZ+9GajhnfkInZk9nK7tGZqI2ckoHYppUbo9ne8hmfkg3a8hWbrRmKmI2ckoHYpp0ZttGewh3c6RCewxXYkBnKmI2ckoHYpp0akhXftxXb4lGJrhGc8xmKzxHZwhnKrRmeqIGaGpyKstGa81GZzJWbk9mfrhmW

Be a part of our team where you will:  

• Work on diverse offensive security engagements covering web apps, internal infrastructure, Active Directory, phishing/vishing, physical intrusion, Red Team and Purple Team exercises, and advanced assessments in modern environments.
• Produce sharp, actionable deliverables for technical teams and executive stakeholders.
• Support proposal writing, scoping, and the design of tailored technical engagements.
• Help improve our labs, tooling, knowledge base, and offensive capabilities.
• Contribute to a culture of continuous learning through mentoring, technical exchanges, and shared research.
• Collaborate with local and global colleagues across our cybersecurity network.
• Evolve in a high-performing team that values trust, flexibility, and balance.
• Be part of a team where R&D is not marketing language but a real part of the job. We invest time in hands-on research, practical experimentation, reproducing emerging attacks, and refining attacker tradecraft.
• Join colleagues who attend and contribute to leading cybersecurity events including DEF CON, Hack.lu, leHACK, BruCON, Black Alps, and BSides Luxembourg, and who publish and share their expertise with the wider community. In 2025, four team members presented internal research at Hack.lu. The next one could be you!

Let’s talk about you. If you …

• Have a strong academic background in Computer Science, Cybersecurity, Network Engineering, Offensive Security, or a related field.
• Are technically curious and driven to understand how systems fail and how attackers operate.
• Enjoy learning by doing and want to sharpen your offensive skills in real-world assignments.
• Can communicate clearly and professionally in English, both verbally and in writing.
• Value ethics, discretion, and professionalism.
• Thrive both autonomously and as part of a strong team.
• Bring experience according to your level, from strong potential and first hands-on exposure for junior candidates to proven offensive security experience for senior profiles.

In addition, it’s a plus if you…

• Have prior experience in offensive security, cybersecurity consulting, or hands-on security testing.
• Hold recognised certifications such as OSCP, OSEE, GPEN, GXPN, CRTO, CRTL, or equivalent.
• Have shared knowledge with the community through talks, blogs, tools, open source, research, or CVEs.
• Have an interest in offensive R&D and staying close to the evolution of attacker techniques.
• Know the Luxembourg market and/or its regulatory environment.