דרושים » אבטחת מידע וסייבר » חברה הממוקמת במרכז הארץ מחפשת מומחה בדיקות חדירה (Penetration Testing) מנוסה להצטרף לצוות שלה

Our Advanced Security Center is a global leader in information security services. As part of Ernst & Young's worldwide network, we are in Tel Aviv. Among our clients, you will find global companies, US governments, technology companies, financial institutions, utility companies, blue-chip firms, and many others.

Our employees are at the forefront of the information security field, with best practices in penetration testing, thorough research, homegrown tools, and more.
We provide an extensive training program that enables programmers, infrastructure, and network engineers to transition into the security profession and develop a long-lasting career path.

Job Description:
The work involves simulating attack scenarios against various applications, infrastructure, and network solutions on a wide range of platforms and technologies.
In addition to penetration testing and forensic services, we also offer consulting services, secure design and development services, and training.

We are looking for a senior web Penetration Tester to join our team. You need to be independent, attentive to details, organized, eager to learn new things, and like to research and solve problems.

Requirements:
At least 4+ years of experience in web penetration testing or bug hunting.
Strong hands-on knowledge of tools used for penetration testing and network analysis.
Experience with application security analysis including reverse engineering and API penetration testing.
Experience with static analysis of Android and Windows application using tools such as JADX and IDA Pro.
Experience with dynamic analysis tools (x64DBG, Frida, etc.).
Experience writing scripts and tools using Python.

Conduct penetration testing on applications and network environments to identify vulnerabilities and security gaps.
Develop and document testing plans and penetration test reports with clear findings and recommendations.
Perform reconnaissance and network surveys to assess target environments.
Research security tools, exploits, and emerging threats, contributing to blogs and knowledge-sharing initiatives.
Analyze vulnerabilities, exploit weaknesses, and escalate access where applicable.
Assist in malware analysis and breach investigations to support incident response efforts.
Stay up to date with the latest attack techniques, tools, countermeasures, and technologies.
Mentor new team members and contribute to the development of tools, templates, and methodologies for penetration testing.

We're seeking innovative cybersecurity professionals to lead our advanced threat assessment program. In this role, you'll spearhead continuous internal security evaluations and coordinate with elite external partners to execute comprehensive penetration testing strategies. Your expertise will be crucial in identifying potential vulnerabilities and guiding both internal and external teams to explore the full spectrum of our attack surface. This position requires a deep understanding of application security offensive security techniques, coupled with the ability to strategically direct resources for maximum impact. Ideal candidates will possess a passion for uncovering system weaknesses, a talent for thinking like an adversary, and the skills to translate technical findings into actionable intelligence. Join us in crafting a robust, proactive security posture that stays ahead of emerging threats and keeps our defenses at the cutting edge of cybersecurity.
The successful candidate will thrive in a fast-paced environment where energy, drive, and a collaborative approach are key to success. And of course, a passion for bug hunting.
Your Impact
Conduct penetration tests against our products including appliances, applications, cloud services, and APIs
Engage with business owners in pre-engagement activities including scope definition, environment setup and scheduling
Prepare and deliver technical reports to business owners and InfoSec partners
Assist, as a subject matter expert, in remediation planning and execution
Perform security assessments, root-cause analysis and corrective measures as required
Occasionally plan and manage engagements to be executed by external partners when needed
Assist in the management of application security programs like continuous scanning, bug bounty, secure development lifecycle and others
Stay current on exploitation and post-exploitation techniques and incorporate them into the penetration testing arsenalunting.

We are looking for an experienced Vulnerability Researcher to lead our world-class vulnerability research team.
As a Vulnerability Researcher Team Lead, you will perform research and responsible disclosure on the latest open-source software, working with your team to find flaws in the most popular components today. The position requires proven experience in vulnerability research, both on web applications and native applications.
As a Vulnerability Researcher Team Lead you will...
Research zero-day vulnerabilities in open-source projects and popular web applications
Manage a team of senior researchers, setting the teams research targets and methodologies
Manage the coordinated disclosure process for vulnerabilities identified by the team
Write & review technical blogposts for vulnerabilities identified by the team
Speak in the most important global security conferences about vulnerabilities identified by the team.

We are looking for a Threat Detection Engineer.
This role combines a blend of skill sets including security operations & incident response, data analytics, risk management, software development, and threat research. If you enjoy researching cloud security issues and developing detection content as code, all in a fast-paced environment with broad collaboration across a diverse team, this role is for you.