Application Security Architect
We are seeking an application security architect to join the Security Team at JFrog.
In this role, you will provide consulting services, assess existing architectures, and design and implement new ones. You will work closely with R&D and DevOps teams and be the focal point for identifying and solving complex security challenges. Candidates will have vast knowledge of the security space, and firm experience in designing and building the technical components that address information security and risk management in both cloud and on-premise environments.
This is a hands-on, development-focused role with the goal of ensuring JFrog products adhere to the stringent security requirements of our thousands of customers.
- Maintain good security hygiene in software development by working with Engineering teams
- Evaluate architecture, design and code to ensure they are free from potential vulnerabilities and security risks
- Manage the JFrog bug bounty program
- Continuously assess and challenge JFrog’s overall security posture to ensure optimal and up-to-date platform security in our products and systems
- Train and mentor R&D on security frameworks, testing, vulnerabilities and best practices to ensure code compliance
- Improve processes, tools, and documentation that will support production security requirements
- Work with DevOps and QA to define security monitoring, alerting, and reporting to identify actionable security intelligence
- Coordinate external vulnerability scans and penetration testing, and review vendor quality and effectiveness
- Support security and compliance evaluations, including client security questionnaires, and document and implement remediation measures
- Evaluate new technologies and standards in the security domain
- 4+ years of hands-on experience in a security engineering role
- Solid experience with designing and running secured applications with: SSDLC, vulnerability tracking, logical access controls, identity management, data loss prevention, intrusion detection, WAF, API Protection and DDoS prevention technologies
- Strong understanding of common security attacks and their remediation
- Experience with identifying, tracking and solving security vulnerabilities in Open Source components used as third-party dependencies
- Experience with cloud environments (AWS and GCP preferred)
- Knowledge of security incident response practices and a customer-oriented approach
- Excellent problem-solving skills and the ability to work independently with a strong sense of ownership
- “Ego-less” approach and a true passion to educate others and achieve continuous improvement