Application Security Team Lead

JFrog · Software Development

Posted

1 day

About the role

At JFrog, we’re running the software that runs the world – and we want you along for the ride. JFrog is a special place with a unique combination of brilliance, spirit, and great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of a critical mission. Thousands of customers, including the majority of Fortune 100 companies, trust JFrog to manage, accelerate, and secure their software delivery from code to production – a concept we call “liquid software.” Wouldn't it be amazing if you could join us on our journey?

The JFrog CSO Office is seeking an Application Security Team Lead. In this role, you will manage an application security team that focuses on building and running tools to secure the JFrog application landscape at scale, as well as conducting vulnerability research. You will work closely with the R&D and DevOps teams and serve as the focal point for identifying and resolving complex security challenges. This is a hands-on Team Lead position, a development-focused role that ensures JFrog products adhere to the stringent security requirements of our thousands of customers.

As an Application Security Team Lead at JFrog, you will…
  • Build, lead, and mentor a team of AppSec Engineers
  • Lead the development of internal security tools and AI agents
  • Design and implement SSDLC practices and automated security controls across the CI/CD pipeline
  • Build and operate scalable vulnerability management frameworks across cloud-native services and SaaS products
  • Integrate security into Agile and DevOps processes, including threat modeling, SAST, DAST, and SCA
  • Partner with development and DevOps teams to embed security early and often
  • Contribute to secure code reviews and assist with remediation strategies
  • Track, triage, and report vulnerabilities across product lines
  • Provide technical leadership and drive adoption of secure development best practices
  • Define and measure AppSec KPIs and drive continuous improvement

To be an Application Security Team Lead at JFrog, you need…
  • Proven experience leading AppSec or Product Security teams
  • Deep knowledge of application security and vulnerabilities
  • Strong coding/scripting background (e.g., Python, Go, Java, JavaScript)
  • Hands-on experience with CI/CD pipelines, security tools, and DevSecOps practices
  • Familiarity with modern architectures (e.g., Cloud, microservices, containers, Kubernetes)
  • Deep understanding of software development processes and secure coding principles
  • Penetration testing knowledge is a plus
  • Strong communication and collaboration skills

Aplyr's read

JFrog is a leading software company that empowers DevOps teams with tools for automating software releases. Ideal for those passionate about streamlining development processes.

Synthesized from recent postings & public sources

What's promising

  • JFrog's platform significantly enhances DevOps efficiency by automating software release processes.
  • The company is at the forefront of AI integration in software security.
  • JFrog offers diverse roles, from AI security to product management, reflecting growth and innovation.

What to watch

  • Competition in the DevOps tools market is intense, with many strong players.
  • Rapid technological changes require constant adaptation, posing challenges for employees.
  • The company's global presence demands flexibility in work hours and travel.

Why JFrog

  • JFrog's focus on software binaries and artifacts management sets it apart in the DevOps space.
  • Their AI-native security solutions are pioneering in the industry.
  • The company's comprehensive platform supports both development and operations teams effectively.

Aplyr’s read is generated by AI from public sources.

About JFrog

JFrog is a software company that provides a platform for managing and distributing software binaries and artifacts. Their solutions enable DevOps teams to automate and streamline the software release process, enhancing productivity and collaboration across development and operations.
