Raise the bar for Security Engineering at Frappe by improving the code and infra that power thousands of sites.
What you will be working on
Triaging, patching and disclosing issues reported by community researchers and our third-party security consultants.
You will be primarily working on securing the following Frappe products:
Frappe Framework (Our low-code web framework)
Frappe Cloud (Our infrastructure/platform)
ERPNext (Our flagship product)
Frappe HR
And other products in collaboration with product owners.
Continuous code audits and pentesting for discovering and preventing security vulnerabilities.
Ensuring compliance with ISO 27000 and working towards future compliance needs (like SOC 2).
What we are looking for
Someone with strong technical knowledge in Python, SQL and JavaScript.
2-3 years of experience in the field of web development.
You should be passionate about deeply understanding how things work and how to make them better.
You should love tinkering and poking holes in systems.
Ability to discover AND patch SQLi, XSS, command-injection, authentication and authorization/ACL flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
Strong communication and collaboration skills to work with other Frappe engineers and external stakeholders.
Prior code audit experience is a big plus. We are a 100% open-source company, so you'll be inspecting code much more than doing black-box pentesting.
Prior exposure to security engineering will be a huge plus, but it's not a mandatory requirement.
Salary Range
This is a mid-level position.
The salary range for this position is INR 14-18 LPA.