Senior Application Security Engineer

At JFrog, we’re running the software that runs the world – and we want you along for the ride. JFrog is a special place with a unique combination of brilliance, spirit, and great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of a critical mission. Thousands of customers, including the majority of Fortune 100 companies, trust JFrog to manage, accelerate, and secure their software delivery from code to production – a concept we call “liquid software.” Wouldn't it be amazing if you could join us on our journey?

The JFrog CSO Office is seeking an Application Security Engineer. In this role, you will contribute to driving security across the SDLC at scale, empowering developers, and enabling secure development through automation, process, and tooling. You’ll work as part of a team of security engineers focused on SSDLC automation, vulnerability management, and proactive engagement with R&D. This is a hands-on technical role that combines architecture, coding, and collaboration, working closely with Product, Engineering, DevOps, and Security stakeholders.

As an Application Security Engineer at JFrog you will...

• Assist in the development of internal security tools and AI agents
• Support the design and implementation of SSDLC practices and automated security controls across the CI/CD pipeline
• Contribute to building and operating scalable vulnerability management frameworks across cloud-native services and SaaS products
• Integrate security into Agile and DevOps processes, including threat modeling, SAST, DAST, and SCA
• Develop Internal application security Tools and Automations
• Partner with development and DevOps teams to embed security early and often
• Contribute to secure code reviews and assist with remediation strategies
• Track, triage, and report vulnerabilities across product lines
• Support the adoption of secure development best practices
  
  

• Experience in AppSec And Product Security
• Deep Knowledge in Application security and Vulnerabilities.
• Strong coding/scripting background (e.g., Python, Go, Java, JavaScript)
• Hands-on experience with CI/CD pipelines, security tools, and DevSecOps practices
• Familiarity with modern architectures (e.g., Cloud, microservices, containers, Kubernetes)
• Understanding of software development processes and secure coding principles.
• Strong communication and collaboration skills
• Penetration testing knowledge is a plus
• Familiarity with machine learning and AI concepts applied to security (e.g., anomaly detection, predictive analytics) is a strong advantage