PT (24687)

Who Are We?

Yael Group is a leading group of companies providing advanced technological solutions across a wide range of industries to organizations in all sectors of the economy.

Job Description

:Yael Cyber, the Cyber Division of Yael Group, is looking for a Penetration Tester (Infrastructure & Application Security) to join our team of experts

!This is an exciting opportunity to lead complex and challenging projects across infrastructure, application security, and cloud environments. Join a dynamic, technology-driven environment and make a real impact on organizational cyber resilience

.Responsibilities

• :Perform comprehensive penetration testing engagements across both infrastructure and application environments, including Web, API, and Mobile platforms
• .Lead and conduct security assessments and architecture/design reviews for the bank’s core systems
• .Identify vulnerabilities and perform security assessments in complex cloud environments (AWS, Azure) and hybrid infrastructures
• .Assess, attack, analyze, and evaluate the resilience of Identity and Access Management (IAM) systems, with a strong focus on Active Directory and Entra ID
• .Analyze findings and communicate insights to IT teams, developers, management, and regulatory stakeholders in a clear and business-oriented manner
• .Develop mitigation plans to address security gaps and work closely with infrastructure, networking, and development teams to implement remediation measures
• .Provide expert guidance and recommendations to improve the organization’s overall security posture

.Requirements

• :Proven hands-on experience conducting both infrastructure (On-Premises) and application penetration testing engagements
• .Strong knowledge of penetration testing methodologies, security assessments, and threat modeling frameworks for networks and operating systems, such as MITRE ATT&CK, PTES, OSSTMM, and NIST
• .Deep expertise in application security testing based on leading industry standards and methodologies, including OWASP Top 10, OWASP ASVS, OWASP WSTG, and SANS CWE Top 25
• .Extensive experience in attacking, analyzing, securing, and hardening Active Directory and Entra ID environments
• .Practical experience identifying vulnerabilities, misconfigurations, and security risks within AWS and Azure cloud environments
• .Strong system-wide perspective and experience conducting comprehensive infrastructure security assessments
• .Excellent analytical, communication, and stakeholder-management skills

.Advantages

• :Previous experience working in banking environments or large-scale financial enterprise organizations
• .Relevant professional certifications such as OSCP, OSEP, or AWS/Azure cloud security certifications