In JFrog, you will have the opportunity to build the future of DevOps for some of the most innovative and successful organizations in the world, including Netflix, Amazon, LinkedIn, Yahoo, Google, SalesForce, Cisco, EA, Spotify, Twitter, Oracle, VMware, and EMC. Beyond any specific perk, what we believe matters most is creating an open and positive work environment where everyone has a voice, and everyone matters.
SecOps Engineer is a hands-on role in a dynamic and fast-paced environment. In this role, you will lead the response to security threats facing the company. You will help further develop the incident response program that protects JFrog today and tomorrow. An ideal candidate is an experienced, highly motivated leader that embraces the opportunity to influence and evangelize security across the organization.
- Drive key business KPIs.
- Plan, design, build and execute JFrog’s security engineering operation
- Perform incident triage and handling by determining scope, urgency, and potential impact thereafter identifying the specific vulnerability and recommending actions for expeditious remediation
- Partner across the company to drive holistic and comprehensive fixes for systemic issues.
- Influence the vision and roadmap of JFrog Security.
- Build and maintain the groups’ domain leadership with the latest technology trends related to DevSecOps Engineering
- Identify new security threats by conducting continual monitoring, vulnerability assessments and log analysis
Desired Skills and Experience
- 5+ years of relevant industry experience in security, solid knowledge of information security principles and practices.
- Proven experience with incident response (IR), attacks and mitigation methods, with experience in a complex cloud environments (AWS/GCP/Azure)
- Build security tools and processes using Python or Go for critical infrastructure protection, monitoring and remediation.
- Proven experience with designing and implementing automations (e.g. SOAR) for incident response processes
- In-depth understanding & proven experience in security monitoring and analytics (ELK etc) and intrusion detection, Incident response, and forensics; Development of security tools, automation, or frameworks.
- In-depth technical knowledge of IT operating systems and technologies, knowledge in securing containerized environments (Docker, K8s)
- Experience of CI/CD and development pipeline technologies - An advantage
- Experience of IaaS (e.g. Terraform) - An advantage
- Excellent interpersonal skills, and effective written and verbal communication skills
- On-call security support as needed
- English as a 2nd language.