innovate — and security is a core part of our mission. Our team of industry-
leading software security experts are true pioneers, constantly pushing the
boundaries with original research and technology innovation. JFrog is a
special place with a unique combination of brilliance, spirit and just all-
around great people. Thousands of customers, including the majority of the
Fortune 100, trust JFrog to manage, accelerate, and secure their software
delivery from code to production — a concept we call “liquid software.”
Wouldn't it be amazing if you could join us in our journey?
We are looking for an experienced security researcher to join the team. As a
researcher, you will perform security research on open and closed-source
projects, both in web technologies and low-level technologies. You will define how to
find any detected security issues in an automated manner and occasionally
develop code for that purpose and for internal research purposes.
As a Security Researcher at JFrog you will…
* Research binary images, which can range from low-level embedded firmware to modern container images. Analyze the security posture of these images from all aspects (configuration, public vulnerabilities and zero-day vulnerabilities)
* Research common pitfalls in 3rd-party software (high and low-level technologies)
* Define how to automatically find vulnerabilities and security issues, develop code and implement proof-of-concepts of automated vulnerability detection
* Create security/threat analysis reports and other relevant customer and public-facing documentation on researched images
* Deliver concise technical research and insights to customers and other teams in order to improve JFrog's products and capabilities
* Implement proof-of-concepts for attacks on researched images
To be a Security Researcher at JFrog you need…
* 2+ years of experience with binary code analysis and reverse engineering
* 2+ years of programming experience in all of the following: C, Python
* Experience with Cloud Native and DevOps technologies – An advantage
* Experience with software exploitation and penetration testing – An advantage
* Experience with automation of binary analysis (e.g. IDAPython) – An advantage