Sokol Çavdarbasha

Offensive Security Researcher
Peja

Summary

Penetration Tester with 5+ years of hands-on experience in offensive security, specializing in web application and infrastructure testing. Proven track record of reporting critical vulnerabilities to Google, Microsoft, BMW Group, American Express and other Fortune 500 companies. Ranked in the Top 10 on BMW Group's bug bounty leaderboard. Skilled in real-world attack simulations, IDOR, RCE, and Active Directory exploitation. Strong in writing clear, actionable reports for technical and non-technical teams.

Overview

5 years of professional experience
2025 years of post-secondary education
4 Certifications
2 Languages

Work History

Cybersecurity Engineer

Beriflapp
09.2023 - Current
  • Conduct comprehensive security audits to identify vulnerabilities across client infrastructures
  • Implement and optimize security protocols to safeguard sensitive data
  • Collaborate with cross-functional teams to ensure compliance with industry standards
  • Delivered staff training sessions on best practices for maintaining digital security and dealing with phishing attempts.
  • Monitored network traffic for suspicious activity, employing advanced tools for real-time threat detection.
  • Tested security incident response playbooks to verify best practices in issue identification and solution delivery.
  • Oversaw penetration testing projects to evaluate the effectiveness of security measures and identify improvement areas.
  • Used ethical hacking techniques to identify potential entry points for cyber threats.
  • Contributed to the creation of security awareness, promoting a culture of cyber resilience.
  • Led vulnerability assessment projects, critical issues for immediate resolution.
  • Managed security assessments for cloud-based services, ensuring compliance with industry standards.
  • Sustained optimal sender score on two IPs, enhancing inbox delivery and corresponding metrics while improving delivery metrics from 45% to 78%.

Security Researcher

Intigriti
03.2022 - Current
  • Used a variety of penetration testing tools and software, including Nmap and Burp Suite, to conduct thorough assessments.
  • Collaborated with IT teams to remediate vulnerabilities, enhancing overall network and system security.
  • Conducted comprehensive vulnerability assessments and penetration testing to identify security weaknesses within IT infrastructure.
  • Facilitated risk assessment processes, quantifying potential impacts and issues based on severity.
  • Found a critical vulnerability that could expose 120.000 users' personal information.

Security Researcher

HackerOne
03.2020 - Current
  • Discovered and reported critical vulnerabilities, preventing potential breaches in systems of Fortune 500 companies
  • Delivered detailed reports with actionable remediation plans, ensuring rapid resolution of security gaps
  • Achieved public acknowledgments from organizations like Microsoft, Google, and Starbucks for exceptional work
  • Collaborated with IT teams to remediate vulnerabilities, enhancing overall network and system security.
  • Utilised a variety of penetration testing tools and software, including Metasploit, Nmap, and Burp Suite, to conduct thorough assessments.
  • Conducted comprehensive vulnerability assessments and penetration testing to identify security weaknesses within IT infrastructure.
  • Worked closely with developers to integrate security measures into the software development lifecycle, reducing potential vulnerabilities.

Education

Bachelor's - Cybersecurity, Computer and Information Sciences

AAB College
Prishtina
09.2024

Skills

Penetration Testing

Ethical Hacking

Application Security

Web Application Security

Vulnerability Scanning

Exploitation

Nmap

Burp Suite

OWASP Top 10

Secure Coding Practices

Strong Communication

Technical Reporting

Critical thinking skills

Security awareness

Scripting languages

Attention to Detail

Reporting and presentation

Web application testing

JavaScript knowledge

Certification

Cybersecurity Engineer Certificate (Beriflapp)

Accomplishments

  • Microsoft: discovered an unrestricted file upload vulnerability leading to stored XSS, https://medium.com/@cavdarbashas/unrestricted-file-upload-lead-to-stored-xss-at-microsoft-main-domain-baa9cadac6bd
  • Google: identified and reported a stored XSS vulnerability in Google Books, https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36
  • Acknowledgments from Microsoft, Google, Red Hat, BMW Group, American Express, Disney, Toyota, Sony, IBM, LinkedIn, Starbucks for improving security infrastructure.

Languages

English - C1

Albanian - Fluent

Timeline

OSCP (Offensive Security Certified Professional) - In progress, exam planned for Dec 2025

12-2025

Cybersecurity Engineer

Beriflapp
09.2023 - Current

Security Researcher

Intigriti
03.2022 - Current

Security Researcher

HackerOne
03.2020 - Current

Bachelor's - Cybersecurity, Computer and Information Sciences

AAB College