CareersGet in Touch
Back to Careers

Web and Infrastructure Penetration Tester

Tel AvivFull Time

We are

We are a cloud and security services company composed of technical experts with extensive hands-on experience. We act as trusted advisors to our clients, offering independent, objective and custom-tailored consultation. Our team is dedicated to helping customers through every stage of their cloud and cybersecurity journey, from strategic planning and design to implementation and ongoing operations.

About the position

We are seeking a skilled and motivated Penetration Tester with solid hands-on experience in web application, infrastructure, and mobile application security testing. The successful candidate will perform security assessments, identify vulnerabilities, and provide actionable recommendations to improve our security posture. You will work with development, operations, and security teams to support secure system design and remediation.

Responsibilities

  • Plan and execute penetration tests on web applications, networks, servers, cloud environments, APIs and mobile applications.
  • Conduct internal and external infrastructure testing including network services, host-based security, firewalls, VPNs, and segmentation.
  • Perform authenticated and unauthenticated web application assessments such as logic flaws, injection vulnerabilities, insecure authentication, and access control issues.
  • Test iOS and Android applications for common mobile security weaknesses.
  • Use manual testing techniques supported by industry tools to discover security weaknesses.
  • Produce high-quality, detailed, and accurate test reports with reproduction steps and risk-based remediation guidance.
  • Collaborate with stakeholders to scope engagements and define testing requirements.
  • Participate in threat modeling and security design reviews.
  • Stay current with emerging vulnerabilities, exploits, tools, and techniques.

Qualifications

  • 2+ years of experience performing hands-on penetration testing.
  • Proven experience testing web applications and infrastructure.
  • Penetration Testing certification required. OSCP or GPEN certification is an advantage.
  • Solid understanding of web technologies (HTTP, JavaScript, REST APIs) and mobile platforms.
  • Familiarity with secure coding practices and common frameworks.
  • Experience with common security testing tools such as Burp Suite, Nmap, Metasploit, OWASP ZAP, mobile testing tools, and vulnerability scanners.
  • Strong knowledge of vulnerability classes and exploit techniques.
  • Demonstrated ability to document findings clearly and communicate technical issues effectively.
  • Experience performing tests in compliance-driven environments such as finance, healthcare, or defense is a strong advantage.