Senior SecOps Engineer
At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
As a SecOps Engineer at JFrog, you will lead the response process regarding security threats facing the company. You will help further develop the Incident Response program that protects JFrog today and towards the future. We are looking for an experienced, highly motivated leader that embraces the opportunity to influence and evangelize security across the organization.
As a SecOps Engineer in JFrog you will...
- Drive key business KPIs
- Plan, design, build, and execute JFrog’s security engineering operations
- Perform incident triage and handling by determining scope, urgency, and potential impact thereafter identifying the specific vulnerability while recommending actions for expeditious remediation
- Partner with teams in the company to drive holistic and comprehensive fixes for systemic issues.
- Build and maintain the groups’ domain leadership with the latest technology trends related to DevSecOps Engineering
- Identify new security threats by conducting continuous monitoring, vulnerability assessments and log analysis
- Provide On-call security support as needed
To be a SecOps Engineer in JFrog you need...
- 5+ years of relevant industry experience in security, solid knowledge of information security principles and practices
- Proven experience with attack and mitigation methods in complex cloud environments (AWS/GCP/Azure)
- Proven experience with performing risk management and prioritization for leading remediation process for internal teams (e.g. SREs, DevOps, etc)
- Proven experience designing, tinkering and tailoring Vulnerability management, SaaS security posture/CASB, asset Management and device posture
- Proven experience in at least 4 of the following domains:
- Patch management
- Secure Access/Zero Trust + 802.1x
- Endpoint Protection - EDR
- Email Protection
- Security monitoring and analytics (e.g. ELK/Splunk)
- In-depth technical knowledge of IT operating systems and technologies, knowledge in securing containerized environments (Docker, K8s)
- Building security tools and processes using your preferable coding language (we mainly use Python or Go) for critical infrastructure protection, monitoring, and remediation