Web Penetration Tester

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?

We are looking for an experienced white hat penetration tester / security researcher to join the JFrog Security team to focus on researching web applications and cloud services. As a web penetration tester, you will perform research and penetration tests on proprietary software, open-source software and real-world infrastructures. Research conclusions will be used to fuel the JFrog Xray security scanner and JFrog publications. As part of the JFrog security team, you will be one step ahead of the industry as you encounter and tackle the latest and greatest vulnerabilities while providing valuable reports to allow our customers to protect themselves. Here are some externally-published vulnerabilities that serve as inspiration for the research scope in this position:

• Azure proprietary service RCE

• Azure proprietary service infoleak
• AWS Log4Shell privilege escalation
• Containerd breakout

 As a Web Penetration Tester in JFrog you will... 

• Audit 1st and 3rd party software for vulnerabilities
• Help the open-source community by responsibly disclosing and providing patches to found issues
• Develop PoC exploits for zero-day and public software vulnerabilities
• Produce technical reports on zero-day issues and other security-related hot topics

 To be a Web Penetration Tester Researcher in JFrog you need... 

• 3+ years with non-binary code exploitation (ex. Webapp or backend pentesting)
• Vulnerability research experience in any of the following languages: Python, Node.JS, Golang, Java
• Experience in writing technical documents
• Advantage - 1+ year of experience performing binary code exploitation and reverse engineering
• Advantage - DevSecOps experience