Application Security Expert
At JFrog, you will have the opportunity to build the future of DevOps for some of the most innovative and successful organizations in the world, including Netflix, Amazon, LinkedIn, Yahoo, Google, SalesForce, Cisco, EA, Spotify, Twitter, Oracle, VMware, and EMC. Beyond any specific perk, what we believe matters most is creating an open and positive work environment where everyone has a voice and everyone matters.
We are seeking an application security architect to join the Security Team at JFrog.
In this role, you will provide consulting services, assess existing architectures, and design and implement new ones. You will work closely with R&D and DevOps teams and be the focal point for identifying and solving complex security challenges. Candidates will have a vast knowledge of the security space, and firm experience in designing and building the technical components that address information security and risk management in both cloud and on-premise environments.
This is a hands-on, development-focused role with the goal of ensuring JFrog products adhere to the stringent security requirements of our thousands of customers.
- Improve applications based on your findings from security assessments, architecture reviews, and threat modeling of the application stack
- Demonstrate excellent judgment in prioritizing security efforts to mitigate the appropriate risks
- Maintain good security hygiene in software development by working with Engineering teams
- Evaluate architecture, design, and code to ensure they are free from potential vulnerabilities and security risks
- Manage the JFrog bug bounty program
- Continuously assess and challenge JFrog’s overall security posture to ensure optimal and up-to-date platform security in our products and systems
- Train and mentor R&D about security frameworks, testing, vulnerabilities, and best practices to ensure code compliance
- Improve processes, tools, and documentation that will support production security requirements
- Work with DevOps and QA to define security monitoring, alerting, and reporting to identify actionable security intelligence
- Coordinate external vulnerability scans and penetration testing, and review vendor quality and effectiveness
- Support security and compliance evaluations, including client security questionnaires, and document and implement remediation measures
- Evaluate new technologies and standards in the security domain
Desired Skills and Experience
- 4+ years of hands-on experience in a security engineering role
- Solid experience with designing and running secured applications with SSDLC, vulnerability tracking, logical access controls, identity management, data loss prevention, intrusion detection, WAF, API protection, and DDoS prevention technologies
- Experience with standard web application security tools such as Burp Suite
- Strong understanding of common security attacks and their remediation
- Experience with identifying, tracking, and solving security vulnerabilities in Open Source components used as third-party dependencies
- Experience with cloud environments (AWS and GCP preferred)
- Knowledge of security incident response practices and a customer-oriented approach
- Excellent problem-solving skills and the ability to work independently with a strong sense of ownership
- “Ego-less” approach and a true passion to educate others and achieve continuous improvement