Application Security Researcher - Pen Tester
At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
We are seeking an Application Security Researcher to join the Security Team at JFrog and be responsible for ensuring JFrog products adhere to the stringent security requirements of our thousands of customers.
In this role, you will run internal Penetration Tests on JFrog products and services, work with external researchers, and bug bounty programs. You will also provide consulting services, assess existing architectures, design and implement new ones and be the focal point for identifying and solving complex security challenges.
As an Application Security Researcher - Pen Tester in JFrog you will...
- Implement good security hygiene in software development by working with RnD Engineering teams
- Review code to ensure they are free from potential vulnerabilities and security risks.
- Execute internal Penetration Tests for JFrog products and services
- Continuously assess and challenge JFrog’s overall security posture to ensure optimal and up-to-date platform security in our products and systems
- Manage the mitigation of external vulnerability scans and penetration testing, and review vendor quality and effectiveness
- Triage the Bug Bounty Project reports and work with external researchers
To be an Application Security Researcher - Pen Tester in JFrog you need...
- 3+ years hands-on experience as a Web Pentester or Application Security Engineering role
- Strong understanding of common web application security attacks and their remediation
- Coding skills, preferably in Golang, Java, NodeJS
- Experience with cloud environments (AWS and GCP preferred). An Advantage
- Experience with microservices (Docker, K8S, Service Mesh). An Advantage
- A true passion for educating others and achieve continuous improvement