We’re running the software that runs the world – and we want you along for the ride. The company is a special place with a unique combination of brilliance, spirit, and great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of a critical mission.
In this role, you will work with a team of researchers and ethical hackers focused on offensive security testing, automated exploit discovery, and advanced application security research. Your work will directly influence the security posture of the company's products and help scale secure-by-design principles.
This is a hands-on technical role with a strong emphasis on offensive security, code exploitation, automation, and innovation.
Responsibilities:
• Help to reshape JFrog Product Security
• Plan and execute advanced penetration testing campaigns.
• Develop tools and frameworks for scalable security testing and fuzzing.
• Lead Security innovation by building and managing penetration testing tools \ AI Agents
• Analyze vulnerabilities, perform root cause analysis, and develop proofs of concept.
• Identify systemic product weaknesses and help define long-term mitigations.
• Collaborate with engineering teams to reproduce, triage, and fix vulnerabilities.
• Contribute to security research publications, CVE submissions, and industry knowledge sharing.
• Continuously evolve internal testing capabilities using modern tooling and AI-assisted approaches.
• 4+ year experience in Research and penetration testing.
• Strong coding skills and deep technical understanding of web, API, cloud-native, and backend technologies.
• AI and LLM Penetration testing knowldge and Experience
• Experience with penetration testing tools (Burp Suite, Metasploit, etc.) and Custom Security Tools development.
• Familiarity with modern architectures (e.g., Cloud, microservices, containers, Kubernetes).
• Familiarity with secure software architecture and typical attack vectors.
• Demonstrated ability to do security testing engagements and report technical findings effectively.
• Experience building or integrating automated PT or fuzzing pipelines is a strong advantage.
• Knowledge and hands-on experience with SSDLC tools and CI/CD pipelines,
Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.