Application & Infrastructure Security Consultant (24687)

Who we are:

Yael Group is a leading technology solutions provider in the Israeli market, delivering advanced and innovative IT services to organizations across diverse industries.

Job Description:

• Performing comprehensive penetration testing – combined infrastructure and application (Web, API, Mobile).

• Leading and conducting security assessments and infrastructure reviews (Architecture & Design Reviews) for the bank’s core systems.

• Identifying vulnerabilities and conducting assessments in complex cloud environments (AWS, Azure) and hybrid environments.

• Attacking, analyzing, and assessing the resilience of identity and access management systems, with a focus on Active Directory and Entra ID.

• Analyzing findings and communicating insights to IT teams, development teams, managers, and regulatory bodies – in a clear and precise manner while understanding the business impact.

• Building mitigation plans to address security gaps and working closely with infrastructure, networking, and development teams in the bank to implement them.

Job Requirements:

• Proven hands-on experience in performing both infrastructure (On-Prem) and application penetration testing.

• Proficiency in attack methodologies, assessments, and threat modeling for network infrastructures and operating systems (such as: MITRE ATT&CK, PTES, OSSTMM, NIST).

• In-depth knowledge in application security testing based on leading global methodologies and standards (such as: OWASP Top 10, OWASP ASVS / WSTG, and SANS CWE Top 25).

• Deep experience and knowledge in attacking, analyzing, and hardening Active Directory and Entra ID environments.

• Practical experience in identifying vulnerabilities, misconfigurations, and conducting assessments in cloud environments (AWS, Azure).

• Strong system-level perspective and experience conducting comprehensive infrastructure assessments.

• Advantage: Prior familiarity with banking environments or complex financial enterprise organizations.

• Advantage: Relevant professional certifications (such as OSCP, OSEP, or AWS/Azure cloud certifications).