Application Security Engineer

At JFrog, we're running the software that runs the world – and we want you along for the ride. JFrog is a special place with a unique combination of brilliance, spirit, and great people. Here, if you're willing to do more, your career can take off. And since software plays a central role in everyone's lives, you'll be part of a critical mission.

Thousands of customers, including the majority of Fortune 100 companies, trust JFrog to manage, accelerate, and secure their software delivery from code to production – a concept we call "liquid software." Wouldn't it be amazing if you could join us on our journey?

The JFrog CSO Office is seeking an Application Security Engineer. In this role, you will contribute to driving security across the SDLC at scale, empowering developers, and enabling secure development through automation, process, and tooling. You'll work as part of a team of security engineers focused on SSDLC automation, vulnerability management, and proactive engagement with R&D.

This is a hands-on technical role that combines architecture, coding, and collaboration, working closely with Product, Engineering, DevOps, and Security stakeholders.

As an Application Security Engineer at JFrog ML you will...
Assist in the development of internal security tools and AI agents
Support the design and implementation of SSDLC practices and automated security controls across the CI/CD pipeline
Contribute to building and operating scalable vulnerability management frameworks across cloud-native services and SaaS products
Integrate security into Agile and DevOps processes, including threat modeling, SAST, DAST, and SCA
Develop Internal application security Tools and Automations
Partner with development and DevOps teams to embed security early and often
Contribute to secure code reviews and assist with remediation strategies
Track, triage, and report vulnerabilities across product lines
Support the adoption of secure development best practices
To be an Application Security Engineer at JFrog, you need…
Experience in AppSec And Product Security
Deep Knowledge in Application security and Vulnerabilities.
Strong coding/scripting background (e.g., Python, Go, Java, JavaScript)
Hands-on experience with CI/CD pipelines, security tools, and DevSecOps practices
Familiarity with modern architectures (e.g., Cloud, microservices, containers, Kubernetes)
Understanding of software development processes and secure coding principles.
Strong communication and collaboration skills
Penetration testing knowledge is a plus