** Open to remote within the PST & EST time zone** At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey? As a Security Solution Architect at JFrog, you will be a high-impact technical practitioner and the definitive domain expert in Application Security (AppSec) and software supply chain security. You are a strategic "force multiplier" for our Strategic customers’ Solutions Engineering organization, leveraging deep technical roots to bridge the gap between developer-centric workflows, IT security teams, and executive risk management. You will serve as the technical authority that internal teams and external customers "pull" into their most complex and critical security opportunities. As a Security Solution Architect in JFrog you will... - Architect Enterprise Application Security: Lead the design of high-level , enterprise-grade DevSecOps architectures, ensuring JFrog’s security capabilities provide a "Future State" blueprint for our most strategic customers. - Provide product in-depth Leadership: Serve as the primary technical authority for deep-dive customer sessions, demonstrating "under-the-hood" knowledge of application security, binary-level analysis, ML/AI security, and the intricacies of the modern software supply chain. - Drive Executive & Technical Command: Navigate seamlessly between deep-dive technical remediation whiteboarding with Security Engineers and high-level strategic ROI and value presentations for CISOs, security & engineering leaders. - Lead the Field-to-Product Innovation Loop: Systematically capture field use cases and technical gaps to work closely with Product and Engineering, ensuring our roadmap evolves based on real-world enterprise data. - Execute Competitive Strategy: Lead & master the technical displacement of legacy and modern AppSec players by developing "Win Themes" that highlight JFrog’s unique ability to secure the entire lifecycle. - Scale Through Cross-Functional Enablement: Mentor the broader Solutions Engineering team to raise the organization's collective "Security IQ" by creating reusable architectural patterns, discovery playbooks and demos. - Optimize Post-Sales Adoption: Partner with Customer Success to analyze how customers operationalize our security products, identifying friction points to improve long-term retention and the "Technical Win". To be a Security Solution Architect in JFrog you need... - 10+ Years of AppSec & Enterprise Pedigree: Extensive background in Application Security and software supply chain, with a proven history of navigating Fortune 500 environments. - Strategic Security Governance: 5–7+ years of experience partnering with IT and governance teams to deploy scalable, robust security programs. - Engineering DNA: Deeply rooted in the SDLC; expert at integrating security into the developer workflow without sacrificing delivery velocity. Sales Rigor & Methodology: 5–7+ years of Enterprise technical sales experience, leveraging MEDDPICC/Challenger to lead high-stakes Proof of Value (PoV) engagements. - Modern Technical Depth: Expert knowledge of DevSecOps, AI, and cloud-native ecosystems, including Kubernetes and CI/CD orchestration. - The "Frog" Mindset: A self-starting collaborator who leads with curiosity and humility to bridge internal silos and build lasting trust. WHAT JFROG CAN OFFER… - Open to remote work for candidates outside a reasonable commuting distance to the Sunnyvale or Atlanta office. - At JFrog, base salary is only one component of our compensation package. - This position has a base salary range between $190,000 to $250,000. Base salary will be based on your skills, qualifications, experience and location. - Additionally, this role may be eligible for discretionary bonuses or commission payments. - This position also includes an equity package of restricted stock units (RSU). In addition, JFrog employees are eligible to participate in our Employee Stock Purchase Plan. - JFrog provides employees comprehensive benefits including medical, dental, vision, retirement, wellness and much more! JFrog is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status or any other category protected by law.

Role Description We are seeking a Senior IT Security Engineer to lead and support the development, implementation, and operation of secure authentication and identity solutions across cloud and web platforms. The role requires expertise in: - Java Spring Boot - Angular - Microservices - AWS - Authentication protocols (SAML, OpenID Connect) - DevOps practices - Operational lifecycle management The ideal candidate will have strong leadership experience, a hands-on technical background, and a focus on delivering secure, scalable, and reliable IT solutions within a fast-paced, agile, and global team environment. Qualifications - Expert JAVA EE development knowledge - Knowledge of authentication solutions, SAML, OpenID Connect, API Gateway - Expert knowledge in the areas of web and cloud technologies - Expertise in agile development and DevOps - Knowledge of current IT architectures, manufacturers, and trends - Strong sense of reliability, being available to support after-hours as required - Proven experience in a strong leadership capacity - Strong technical background with solid skills in Java Spring Boot, Angular, SQL, Kafka, MQ, AWS, execution of Linux commands - Strong operational management capabilities including incident management and troubleshooting, operational processes, and lifecycle management Requirements - Authentication Protocols: Knowledge in IT security features such as authentication protocols - Software Development Excellence: Strong technical background with focus on Java development skills and support - Effective Communicator: Exceptional leadership and communication abilities, facilitating clear dialogue across teams - Incident Management Expert: Skilled in managing incidents and troubleshooting technical issues promptly - Strategic Planner: Excellent planning and organizational skills, adept at navigating complex projects - Lifecycle Management: Knowledgeable in operational processes and lifecycle management to ensure optimal performance - Mentorship and Development: Committed to mentoring and developing team members, fostering growth and enhancing team dynamics - Strong troubleshooting skills with the following technical skills: - Java Spring Boot - Angular (Typescript and JavaScript) - Kafka & JMS (MQ) - SQL (Oracle, Postgres) - Cloud infrastructure (AWS) - RESTful and SOAP services - Design and development of Microservices - Git - CI/CD pipelines - Maven, Docker - Jira, Confluence - Payara/Glassfish - Linux Commands - Apache - WebLogic - Jenkins - Nexus Duties & Responsibilities - Understand the business requirements, preparing AS-IS, and TO-BE documents and get sign-off from users for functional and/or technical design document(s) - Preparation of system/technical documentation (as per ISO standards) - Proactively propose solutions to improve the support of (new) business processes - Review and present proposed system solution to IT Project Manager / Leader and User Management or System owner (PDO) - Executing the required changes through configuration - Develop system solutions in line with quality and delivery requirements - Interact with consultants of other modules for Integration requirements - Preparing test data and documentation, Conducting Unit tests, Regression tests, System Integration security tests including recording of results and change management (transport) activities - Preparing User manuals and conducting training to business process owners (PDO) - Planning of go live milestones, planning, preparation and execution of migration, cutover and Go-Live as well as post Go-Live support activities - Interaction with clients through meetings, calls and emails - Support the troubleshooting, resolving and closing of Production Support tickets (Incidents & Problems tickets) within defined SLA’s (Service Level Agreements) - User interface transactional solutions - Analyse and scope End-user authorisation roles - Update and maintain documentation as an existing system’s functionality is changed - Ability and willingness to coach and give training to fellow colleagues and users when required - Execution according to the Agile Methodology and attending of all team meetings, including Stand-ups, Sprint Review, Sprint Retrospectives, Sprint Planning meetings etc. - Meet with end users and gather requirements - Daily use of the Agile Tool Chain, as per the updates required by the respective feature team(s) Desired Experience & Qualification - IT Degree / Diploma / Equivalent experience - Experience in leading teams - Minimum of 5-7 years IT working experience - ITIL process knowledge and work experience (Required) Interested?

• Monitor security events and alerting via our security tooling, including MSSP, SIEM, AI, and CSPM tooling, to identify and triage potential threats • Design, develop, implement, and maintain high-fidelity detection rules and alerts within SIEM and other security platforms (e.g., EDR, Cloud Security tools) based on threat intelligence, MITRE ATT&CK framework, and identified risks • Own the continuous tuning and optimization of existing detection logic to reduce false positives and improve detection efficacy • Respond to issues identified by our Cribl employees • Act as a security incident response lead, including leveraging and improving detection capabilities during investigations • Design, build, and manage security playbooks, incorporating detection engineering best practices • Conduct security assessments of corporate assets through vulnerability testing, threat hunts, and purple team activities, with a focus on identifying detection gaps and opportunities • Perform both internal and external security reviews of corporate properties e.g., the corporate website and enterprise applications • Lead security incident response tabletop exercises • Continue to evolve and champion the use of Cribl products in our security tech stack to enhance detection, analysis, and response capabilities • Collaborate with threat intelligence teams to integrate new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) into detection strategies • Partner cross-functionally with Product Security, IT, and Legal teams to strengthen overall security posture • This position will require stand-by, on-call, or off-hours duties

• Design, implement, and maintain controls in AWS (IAM, KMS, VPC, GuardDuty, Security Hub, Detective, CloudTrail/CloudWatch), network, endpoint, email, data security, vulnerability, and identity domains. • Define SLOs for control availability, latency, coverage, and drift; implement telemetry to continuously measure those SLOs. • Partner with infrastructure, platform, and application teams to build IaC modules (Terraform/CloudFormation) and platform automations (e.g., Python/Lambda, Step Functions) to enforce guardrails (account vending, baseline hardening, logging enablement, key policies, SCPs) using Git. • Implement break‑glass patterns and least‑privilege workflows that are auditable and reversible. • Engineer data pathways (e.g., CloudTrail, VPC Flow, ECS audit, identity logs) into SIEM/MDR tooling; ensure completeness, timeliness, and schema quality. • Translate Detection and Response Lead feedback on false positives/gaps into logging or control adjustments. • Own scanners/integrations, asset coverage, tagging standards, and develop risk‑based remediation pipelines (ticketing, auto‑remediation for low‑risk classes). • Partner with owners to remove friction (pre‑approved windows, canaries, rollbacks). • Engineer least‑privilege patterns, permission boundaries, conditional access, and automated key/secret lifecycle (rotation, discovery, usage attestations). • Provide ready‑to‑consume roles/policies to teams. • Maintain runbooks, design docs, and reusable modules; ensure changes are versioned, peer‑reviewed, and test‑. • Participate in control‑health and platform on‑call (e.g., logging ingestion failures, drift, outages). • Escalate security events to the Detection & Response Lead/MDR.