Përshkrimi

Novus is an IT company, working with clients on information security, risk management, infrastructure, and compliance-related projects. We are expanding our cybersecurity team and are looking for motivated professionals who want to grow in the security field.

Detyrat

Tasks and responsibilities.

Plan, scope, and execute penetration tests on web applications, APIs, network infrastructure, cloud environments, mobile applications and wireless networks for Novus clients.
Conduct vulnerability assessments and validate findings through manual exploitation to eliminate false positives and demonstrate real-world business impact.
Perform red team engagements, social engineering campaigns (phishing, vishing), and adversary simulation exercises aligned with MITRE ATT&CK and TIBER-EU frameworks.
Test compliance with industry standards and regulatory requirements (PCI DSS, ISO/IEC 27001, DORA, NIS2, BaFin/BAIT) and produce evidence to support client audits.
Develop, maintain, and improve internal testing methodologies, tooling, scripts, and playbooks based on OWASP, OSSTMM, NIST SP 800-115, and PTES.
Prepare clear, professional penetration testing reports with executive summaries, detailed technical findings, risk ratings (CVSS), reproduction steps, and prioritized remediation guidance.
Present findings and remediation plans to Novus clients’ technical teams and management, including post-engagement debriefs and retesting of remediated issues.
Evaluate offensive security tools and technologies to identify the most suitable solutions for Novus client’s.
Prepare technical proposals within their area of expertise and assist in evaluating client requirements and scoping engagements.
Work closely together with Novus team to identify and propose new technology solutions, service offerings, and project opportunities in offensive security.
Take part in group meetings, presentations, workshops, and other events where he/she can provide additional expertise and contribute to Novus reputation and service excellence.
Assist other Novus staff members on project deliverables in fields where he/she is an expert, including incident response support and threat hunting engagements
Stay up to date with the latest cybersecurity threats, attack techniques, exploits, CVEs, and defensive technologies. Continuously enhance his/her knowledge through new training and related field certifications, which are crucial for Novus partnership development.
Prepare professional documentation of projects that he/she is involved in, ensuring confidentiality, chain of custody, and secure handling of client data and findings.

Relevant certifications, projects, GitHub profiles, portfolios, or security write-ups are considered an advantage.

Të dhënat personale të kandidatëve do të trajtohen dhe ruhen në përputhje me Ligjin nr. 124/2024 për mbrojtjen e të dhënave personale.

Detyrat

Tasks and responsibilities.

Plan, scope, and execute penetration tests on web applications, APIs, network infrastructure, cloud environments, mobile applications and wireless networks for Novus clients.

Conduct vulnerability assessments and validate findings through manual exploitation to eliminate false positives and demonstrate real-world business impact.

Perform red team engagements, social engineering campaigns (phishing, vishing), and adversary simulation exercises aligned with MITRE ATT&CK and TIBER-EU frameworks.

Test compliance with industry standards and regulatory requirements (PCI DSS, ISO/IEC 27001, DORA, NIS2, BaFin/BAIT) and produce evidence to support client audits.

Develop, maintain, and improve internal testing methodologies, tooling, scripts, and playbooks based on OWASP, OSSTMM, NIST SP 800-115, and PTES.

Prepare clear, professional penetration testing reports with executive summaries, detailed technical findings, risk ratings (CVSS), reproduction steps, and prioritized remediation guidance.

Present findings and remediation plans to Novus clients’ technical teams and management, including post-engagement debriefs and retesting of remediated issues.

Evaluate offensive security tools and technologies to identify the most suitable solutions for Novus client’s.

Prepare technical proposals within their area of expertise and assist in evaluating client requirements and scoping engagements.

Work closely together with Novus team to identify and propose new technology solutions, service offerings, and project opportunities in offensive security.

Take part in group meetings, presentations, workshops, and other events where he/she can provide additional expertise and contribute to Novus reputation and service excellence.

Assist other Novus staff members on project deliverables in fields where he/she is an expert, including incident response support and threat hunting engagements

Stay up to date with the latest cybersecurity threats, attack techniques, exploits, CVEs, and defensive technologies. Continuously enhance his/her knowledge through new training and related field certifications, which are crucial for Novus partnership development.

Prepare professional documentation of projects that he/she is involved in, ensuring confidentiality, chain of custody, and secure handling of client data and findings.

Relevant certifications, projects, GitHub profiles, portfolios, or security write-ups are considered an advantage.

Të dhënat personale të kandidatëve do të trajtohen dhe ruhen në përputhje me Ligjin nr. 124/2024 për mbrojtjen e të dhënave personale.

Penetration Tester

Përshkrimi

Detyrat

Penetration Tester

Përshkrimi

Detyrat