Senior Application Security Researcher

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit, and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us on our journey?

The JFrog CSO Security team is looking for a Senior Application Security Researcher. In this role, you will perform vulnerability research, assess existing architectures, and build and run tools to secure the JFrog application landscape at scale. You will work closely with R&D and DevOps teams and be the focal point for identifying and solving complex security challenges. This is a hands-on, development-focused role with the goal of ensuring JFrog products adhere to the stringent security requirements of our thousands of customers.

As a Senior Application Security Researcher at JFrog you will…

• Continuously assess and challenge JFrog’s overall security posture to ensure optimal and up-to-date platform security in our products and systems
• Evaluate architecture, design, and code to ensure they are free from potential vulnerabilities and security risks
• Train and mentor developers about security frameworks, testing, vulnerabilities, and best practices to ensure code compliance
• Evaluate new technologies and standards in the application security domain
• Plan and lead cross-company efforts with the R&D that will improve JFrog’s security posture
  
  

To be a Senior Application Security Researcher at JFrog you need…

• 4+ years of hands-on experience in an application security role
• Experience with Web Penetration Testing (Hands On) - Mandatory
• Strong coding skills, preferably in Java, Golang, and JavaScript - Mandatory
• Experience with cloud environments - an advantage
• Experience with microservices (Docker, K8S, Service Mesh) - an advantage
• Excellent problem-solving skills and the ability to work independently with a strong sense of ownership
• Good communication skills and a true passion to educate others and achieve continuous improvement