Mission Terms
As part of its activities, ORES is looking for a Penetration and Intrusion Testing Expert.
This is a full-time mission estimated to last ~10 days and will start as soon as possible.
Part of the mission can, in consultation with the manager, be performed remotely, but a presence at the Gosselies site for a minimum of 2 days per week is mandatory. Additional on-site days may occasionally be requested from the consultant, depending on the service's needs. As the Gosselies site is not easily accessible by public transport, having a driver's license and a vehicle will be preferable for commuting.

Mission Context
You will be part of the Information Security Office team.

Main tasks:
As part of the migration project to Windows 11, a new system image and several new laptop models must be validated before deployment in production.
The aim of the penetration test is to assess the security robustness of the Windows image, associated hardware configurations, and native protection mechanisms (TPM, Secure Boot, BIOS/UEFI hardening, Defender, etc.).
This test aims to provide a level of assurance that the deployed endpoints meet internal security requirements and limit the risk of privilege escalation, local compromise, or secret extraction.

Target machines:
- 1x T16 migration windows 10 -> windows 11
- 1x T16 Windows 11
- 1x Dell Pro 16 Plus Windows 11

Windows 11 Image
- System configuration (GPO, baselines, hardening).
- Defender / antivirus / EDR settings.
- Local attack surface (rights, services, configurations).
- Encryption (BitLocker).
- Boot process (Secure Boot, UEFI Lockdown).
- Internal versioning and packaging.
- Etc…

Hardware
- Activation and robustness of TPM 2.0.
- UEFI/BIOS security (passwords, disabling ports/external boot).
- Interface testing (USB, Thunderbolt).
- Verification of BitLocker key deletion mode via hardware events.
- Etc…

Connectivity
- Testing in connected / non-connected mode.
- MDM posture – onboarded machine (Intune)

Recommended tests
- Security configuration analysis (Windows 11 baseline).
- Local privilege escalation test (non-destructive).
- Bypass of security policies (Defender, SmartScreen, SRP/Applocker).
- Verification of secrets protection (LSA Protection, Credential Guard…).
- Analysis of isolation mechanisms (sandboxing, AppContainer).
- Verification of local network hardening (firewall, open services).
- Testing of hardware protections (Secure Boot, TPM misuse).
- Non-intrusive persistence attempts.
- Etc...

Profile sought
The required technical skills and associated seniority levels are listed in the skills section of Connecting Expertise.

From a "soft skills" perspective, the consultant is expected to be/have:
- Autonomous
- Good communicator
- Flexible
- Able to explain technical points to the Business
- Good ability to write summary documents
- Able to assess the severity of discovered vulnerabilities
- Able to synthesize and communicate both to the Business and to a technical team

As the position requires administrative rights or access to information classified as confidential, it is considered high risk for ORES's information systems. Consequently, and in compliance with ISO27001, we are required to conduct a background check by contacting at least one reference provided for any candidate selected for the mission. If your candidate is selected for an interview, you will be asked to provide us with the contact details of one or more previous managers at the end client (recent experience) for reference checks. Providing these references constitutes agreement by the candidate and the mentioned person(s). This data will be deleted after 2.5 years following the end of the collaboration or after a maximum of one and a half years if the recruitment process is not successful.