Website:
cybernovatech.ca
Job details:
Penetration Tester (Remote — India)
Cybernova Technologies Inc. | Ontario, Canada
https://cybernovatech.ca/
About Cybernova Technologies
Cybernova Technologies is a Canadian IT services and cybersecurity company based in Ontario, Canada. We provide managed IT services, cybersecurity audits, and vulnerability assessments to small and mid-sized businesses across North America. We are building out our cybersecurity practice and looking for a skilled Penetration Tester based in India to join as our first dedicated security team member.
This is a ground-floor opportunity. You will be the sole pen tester delivering Network VAPT engagements for our clients. If the results are strong, we plan to scale the team around you.
Role Overview
You will independently plan, execute, and report on Network Vulnerability Assessment and Penetration Testing (VAPT) engagements for our clients. This includes external and internal infrastructure testing, from reconnaissance through exploitation through final report delivery.
You will work directly with the Managing Director and be responsible for the full VAPT lifecycle:
- Scoping engagements with the project lead
- Reconnaissance and information gathering
- Vulnerability identification using both automated and manual techniques
- Exploitation, privilege escalation, and data exfiltration (where in scope)
- Writing detailed technical reports with proof-of-concept screenshots, impact analysis, and remediation recommendations
- Retesting after client remediation to confirm fixes
Key Responsibilities
- Conduct Network VAPT (external and internal) following OSSTMM, PTES, and NIST frameworks
- Perform black-box, grey-box, and white-box penetration testing
- Identify and exploit vulnerabilities across network devices, servers, firewalls, routers, switches, and endpoints
- Test for common network vulnerabilities including but not limited to: SMB misconfigurations, anonymous FTP, default credentials, SNMP weaknesses, SSL/TLS issues (POODLE, Sweet32, RC4), and RPC vulnerabilities
- Produce clear, professional reports suitable for both technical and business audiences
- Communicate findings and remediation guidance to clients when required
- Maintain confidentiality of all client data and engagement details
Required Qualifications
- 3 to 5 years of hands-on penetration testing experience (not just vulnerability scanning)
- CEH (Certified Ethical Hacker) certification — minimum requirement
- Proficiency with: Nessus, Nmap, Metasploit, Burp Suite, SMBClient, RPCClient
- Strong understanding of TCP/IP, DNS, DHCP, SNMP, SMB, FTP, SSH, and common network protocols
- Ability to write detailed technical reports in clear, professional English with proof-of-concept documentation
- Experience working independently and managing your own timelines
Preferred Qualifications
- OSCP (Offensive Security Certified Professional) — strongly preferred
- Experience with web application penetration testing (OWASP Top 10)
- Familiarity with cloud security assessments (AWS or Azure)
- Experience with compliance frameworks: PIPEDA, SOC 2, ISO 27001, PCI-DSS, NIST CSF
- Previous experience working with international clients or remote teams
Tools You Should Know
Nessus, Nmap, Metasploit Framework, Burp Suite, Wireshark, SMBClient, RPCClient, Advanced IP Scanner, Nikto, Dirb/Gobuster, SQLMap, Hydra, John the Ripper
Work Arrangement
- Remote — based anywhere in India
- Monthly retainer (contractor) to start, with transition to full-time based on project volume
- Flexible hours with some overlap required during North American Eastern Time business hours for client coordination
- Reporting directly to the Managing Director
What We Offer
- Be the founding member of our cybersecurity delivery team
- Direct involvement in client engagements from day one — no bench time
- Clear growth path: as projects scale, you grow into a team lead role
- Work with North American clients on real-world security assessments
- Competitive compensation based on experience
To Apply
Send your resume along with:
1. One sample VAPT report you have authored (redacted for confidentiality)
2. List of certifications held
3. Your expected monthly compensation (INR)
Email: careers@cybernovatech.ca
Subject line: Penetration Tester Application — [Your Name]
Click on Apply to know more.