At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
We are looking for an experienced white hat vulnerability researcher to join the JFrog Security team to focus on researching cloud services and web applications. As a vulnerability researcher, you will perform research and penetration tests on proprietary/open-source software and real-world infrastructures. Research conclusions will be used to fuel the JFrog Xray security scanner and JFrog publications.
As part of the JFrog security team, you will be one step ahead of the industry as you encounter and tackle the latest and greatest vulnerabilities while providing valuable reports to allow our customers to protect themselves.
Here are some externally-published vulnerabilities that serve as inspiration for the research scope in this position:
Azure proprietary service RCE
- Azure proprietary service infoleak
- AWS Log4Shell privilege escalation
- Containerd breakout
As a Cloud Vulnerability Researcher in JFrog you will...
- Audit 1st and 3rd party software for vulnerabilities
- Help the open-source community by responsibly disclosing and providing patches to found issues
- Develop PoC exploits for zero-day and public software vulnerabilities
- Produce technical reports on zero-day issues and other security-related hot topics
To be a Cloud Vulnerability Researcher in JFrog you need...
- 3+ years with non-binary code exploitation (ex. Webapp or backend pentesting)
- 1+ year of experience performing binary code exploitation and reverse engineering
- Experience in writing technical documents
- Vulnerability research experience in the following languages: Python, Node.JS, - Golang, Java- An Advantage
- DevSecOps experience -An Advantage