Offensive Security Manager - AppSec
At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
We are looking for an Offensive Security Manager to join the CSO Office at JFrog and be responsible for ensuring JFrog products adhere to the stringent security requirements of our thousands of customers.
In this role, you will lead internal Penetration Tests on JFrog products and work with external researchers and bug bounty programs. You will also provide consulting services, design and implement new architectures, assess existing ones, and be the focal point for identifying and solving complex security challenges.
As an Offensive Security Manager at JFrog you will...
- Lead the internal Penetration Tests program for JFrog products and services
- Implement security hygiene in software development by working closely with our RnD Engineering teams
- Continuously assess and challenge JFrog’s overall security posture to ensure optimal and up-to-date platform security in our products and systems
- Manage the mitigation of findings from multi-product vulnerability scans and penetration testing programs, and review vendors' quality and effectiveness
- Manage JFrog bug bounty programs
- Perform code review to ensure it’s free of potential vulnerabilities and security risks.
To be an AppSec Offensive Security Manager at JFrog you need...
- 3+ years hands-on experience as a Web Pentester
- Experience as an Engineering/Team Leader in an industrial company or hi-tech company/start-up
- Strong understanding of common web application security attacks and their remediation
- Strong coding skills, preferably in Golang, Java or NodeJS - Mandatory
- Deep understanding of DevOps/CI/CD environments, attack vectors and mitigating controls. Familiarity with Docker/Kubernetes
- Experience with cloud environments (AWS and GCP preferred) and microservices (Docker, K8S, Service Mesh) - An Advantage