Security Research Team Lead

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate – and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production – a concept we call “liquid software.” Wouldn't it be amazing if you could join us on our journey?

JFrog Security is one of the main pillars of the JFrog offering and long-term strategy. We are pushing the boundaries of security analysis for both binaries and code, shifting left and bringing new and exciting features to both developers and DevOps. We are looking for a Security Researcher to lead our research team. As a research team lead, you will perform security research on open-source projects in both web and low-level technologies, define how to identify exploitable security issues in an automated manner and develop code for that purpose, publish your findings on new vulnerabilities, and manage a team of highly-trained researchers.

As a Security Research Team Lead at JFrog you will... 

• Research CVEs and one-day vulnerabilities from various coding languages and technologies, including PoC development
• Define how to find exploitable vulnerabilities automatically & develop code that identifies the instances where a vulnerability is exploitable
• Perform security research on various open-source technologies, frameworks, and libraries
• Publish your findings about the research subjects mentioned above

To be a Security Research Team Lead at JFrog you need...

• Vulnerability research experience in any of the following languages: Python, Node.js, Java, C, Go
• 2+ years of code exploitation experience (ex. penetration testing in backend environments or web applications or binary exploitation)
• 1+ years of team leading experience
• 3+ years of Python programming experience
• Experience in writing technical reports
• Advantage – experience in binary reverse engineering

To learn more about the activities of our Security Research team, please visit the links below: 

• https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/
• https://jfrog.com/blog/curl-and-libcurl-uaf-cve-2024-6197/
• https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ (Found in the team while analyzing an incomplete CVE fix)
• https://jfrog.com/blog/cups-attack-zero-day-vulnerability-all-you-need-to-know/
• https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/