Security Researcher

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and security is a core part of our mission. Our team of industry-leading software security experts are true pioneers, constantly pushing the boundaries with original research and technology innovation. JFrog is a special place with a unique combination of brilliance, spirit and just all-around great people. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?

JFrog Security is one of the main pillars of the JFrog offering and long-term strategy. We are pushing the boundaries of security analysis of both binaries and code, shifting left and bringing new and exciting features to both developers and DevOps. We are looking for a Security Researcher to join the team. As a researcher, you will perform security research on open-source projects in both web and low-level technologies. You will define how to identify exploitable security issues in an automated manner and develop code for that purpose.

As a Security Researcher at JFrog you will...

• Research CVEs and 1-day vulnerabilities in various programming languages and ecosystems
• Define how to automatically find exploitable vulnerabilities & develop code that identifies the instances where a vulnerability is exploitable
• Perform security research on various open-source technologies, frameworks, and libraries
• Write technical reports regarding all research subjects mentioned above
  
  

• At least 3 years of experience as a Security Researcher
• Vulnerability research experience in any of the following languages: Python, Node.JS, Java, C
• Experience with code exploitation (for example, Penetration testing in backend environments or web applications, or binary exploitation)
• Programming experience in Python
• Experience in writing technical reports
• Experience in binary reverse engineering - an advantage
• DevOps experience - an advantage