PT (24687)

Who Are We? Yael Group is a leading group of companies providing advanced technological solutions across a wide range of industries to organizations in all sectors of the economy. Job Description :Yael Cybe r, the Cyber Division of Yael Group, is looking for a Penetration Tester (Infrastructure & Application Security ) to join our team of experts !This is an exciting opportunity to lead complex and challenging projects across infrastructure, application security, and cloud environments. Join a dynamic, technology-driven environment and make a real impact on organizational cyber resilience .Responsibilities :Perform comprehensive penetration testing engagements across both infrastructure and application environments, including Web, API, and Mobile platforms .Lead and conduct security assessments and architecture/design reviews for the bank’s core systems .Identify vulnerabilities and perform security assessments in complex cloud environments (AWS, Azure) and hybrid infrastructures .Assess, attack, analyze, and evaluate the resilience of Identity and Access Management (IAM) systems, with a strong focus on Active Directory and Entra ID .Analyze findings and communicate insights to IT teams, developers, management, and regulatory stakeholders in a clear and business-oriented manner .Develop mitigation plans to address security gaps and work closely with infrastructure, networking, and development teams to implement remediation measures .Provide expert guidance and recommendations to improve the organization’s overall security posture .Requirements :Proven hands-on experience conducting both infrastructure (On-Premises) and application penetration testing engagements .Strong knowledge of penetration testing methodologies, security assessments, and threat modeling frameworks for networks and operating systems, such as MITRE ATT&CK, PTES, OSSTMM, and NIST .Deep expertise in application security testing based on leading industry standards and methodologies, including OWASP Top 10, OWASP ASVS, OWASP WSTG, and SANS CWE Top 25 .Extensive experience in attacking, analyzing, securing, and hardening Active Directory and Entra ID environments .Practical experience identifying vulnerabilities, misconfigurations, and security risks within AWS and Azure cloud environments .Strong system-wide perspective and experience conducting comprehensive infrastructure security assessments .Excellent analytical, communication, and stakeholder-management skills .Advantages :Previous experience working in banking environments or large-scale financial enterprise organizations .Relevant professional certifications such as OSCP, OSEP, or AWS/Azure cloud security certifications .