** Open to remote within the East Coast only**
At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
As the Incident Response Lead, you will be the captain of the front-line defense. You won't just respond to threats; you will build the team and the infrastructure that detects them before they happen. You will lead a group of high-performing engineers to mature our Incident Response program, automate security operations, and partner with R&D and DevOps to ensure our "liquid software" remains secure.
As a Incident Response Lead in JFrog you will...
-
Incident Commander: Act as the primary escalation point for high-priority security incidents, leading the triage, containment, and post-mortem processes.
-
Drive Automation: Champion "Security as Code" by leading the development of internal tools (Python/Go) to automate monitoring and remediation.
-
Cross-Functional Partnership: Collaborate with SRE, DevOps, and Product teams to drive holistic fixes for systemic architectural vulnerabilities.
-
Evangelize Security: Build a culture of security across the organization through training, documentation, and proactive risk management.
To be a Incident Response Lead in JFrog you need...
-
Deep Technical Roots: 7+ years of industry experience in IR with a focus on Information Security principles.
-
Cloud Mastery: Proven expertise in attack and mitigation methods within complex AWS, GCP, or Azure environments.
-
Incident Response Prowess: Extensive experience in risk prioritization and managing the lifecycle of security incidents in a global production environment.
-
Technical Breadth: Mastery in at least 5 of the following:
- Endpoint Protection (EDR/XDR) & Zero Trust architecture.