At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and security is a core part of our mission. Our team of industry-leading software security experts are true pioneers, constantly pushing the boundaries with original research and technology innovation. JFrog is a special place with a unique combination of brilliance, spirit and just all-around great people. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
We are looking for an experienced security researcher to join the team. As a researcher, you will perform security research on open and closed-source projects, both in web technologies and low-level technologies. You will also define how to find any detected security issues in an automated manner and occasionally develop code for that purpose and for internal research purposes.
As a Security Researcher in JFrog you will...
- Research binary images, which can range from low-level embedded firmware to modern container images. Analyze the security posture of these images from all aspects (configuration, public vulnerabilities and zero-day vulnerabilities)
- Research common pitfalls in 3rd-party software (high and low-level technologies)
- Define how to automatically find vulnerabilities and security issues, develop code and implement proof-of-concepts of automated vulnerability detection
- Create security/threat analysis reports and other relevant customer and public-facing documentation on researched images
- Deliver concise technical research and insights to customers and other teams in order to improve JFrog's products and capabilities
- Implement proof-of-concepts for attacks on researched images
To be a Security Researcher in JFrog you need...
- 2+ years of experience with binary code analysis and reverse engineering
- 2+ years of programming experience in all of the following: C, Python
- Experience with Cloud Native and DevOps technologies - An advantage
- Experience with software exploitation and penetration testing - An advantage
- Experience with automation of binary analysis (e.g. IDAPython) - An advantage