Cloud SecOps & IR Engineer

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including 75% of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us on our journey?

As a Cloud SecOps and IR Engineer at JFrog, you will lead the response process regarding security threats facing the company. You will help further develop the Incident Response program that protects JFrog today and in the future. We are looking for an experienced, highly motivated leader who embraces the opportunity to influence and evangelize security across the organization.

As a Cloud SecOps & IR Engineer in JFrog, you will... 

• Drive key business KPIs
• Plan, design, build, and execute JFrog’s security engineering operations
• Perform incident triage and handling by determining scope, urgency, and potential impact thereafter identifying the specific vulnerability while recommending actions for quick remediation
• Partner with teams in the company to drive holistic and comprehensive fixes for systemic issues
• Build and maintain the groups’ domain leadership with the latest technology trends related to DevSecOps Engineering 
• Identify new security threats by conducting continuous monitoring, vulnerability assessments, and log analysis
• Provide on-call security support as needed

To be a Cloud SecOps & IR Engineer in JFrog you need...

• 5+ years of relevant industry experience in security, solid knowledge of information security principles and practices
• Proven experience with attack and mitigation methods in complex cloud environments (AWS/GCP/Azure)
• Proven experience with performing risk management and prioritization for leading remediation processes for internal teams (e.g. SREs, DevOps, etc.)
• Proven experience designing, tinkering, and tailoring vulnerability management,  SaaS security posture/CASB, asset management, and device posture platforms
• Proven experience in at least 4 of the following domains: Patch management, SSO/SAML, Secure Access/Zero Trust + 802.1x, Endpoint Protection - EDR \ XDR, IDM/IAM, Email Protection, Security monitoring and analytics (e.g. ELK/Splunk)
• In-depth technical knowledge of IT operating systems and technologies, knowledge in securing containerized environments (Docker, K8s)
• Building security tools and processes using your preferred coding language (we mainly use Python or Go) for critical infrastructure protection, monitoring, and remediation