Code Security Analyst

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and security is a core part of our mission. Our team of industry-leading software security experts are true pioneers, constantly pushing the boundaries with original research and technology innovation. JFrog is a special place with a unique combination of brilliance, spirit and just all-around great people. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software”. Wouldn't it be amazing if you could join us on our journey?

JFrog Security is one of the main pillars of the JFrog offering and long-term strategy. We are pushing the boundaries of security analysis of both binaries and code, shifting left and bringing new and exciting features to both developers and DevOps. We are looking for a Code Security Analyst to join the team. As a Code Security Analyst, you will be part of the effort to develop advanced tools that analyze customers’ source code to locate security vulnerabilities.

As a Code Security Analyst at JFrog you will…

• Be a part of the team developing advanced code analysis tools
• Teach the tools we develop to catch security vulnerabilities in our customers’ source code
• Research security requirements and implement their definitions in our platform
• Develop and maintain tools for handling and analyzing the data related to code security analysis
• Extract insights from data, and leverage them for further improvement of our approach and processes
• Stay up-to-date with the latest security trends, vulnerabilities, and mitigation techniques
  
  

• To be motivated, curious and persistent
• Strong analytical and problem-solving skills with a willingness to learn and adapt
• Great communication skills
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Proficiency in Python
• Basic understanding of common software security vulnerabilities
• Proficiency in a number of different programming languages - an advantage
• Proficiency in secure coding practices, solid understanding of software security - an advantage
• Hands-on experience with SAST tools (e.g., Checkmarx, SonarQube, CodeQL) - an advantage
• Familiarity with AI tools - an advantage