Application Security Engineer

Summary

Join Bugcrowd as an Application Security Engineer (ASE) and contribute to the curation and management of security vulnerability submissions for global bug bounty programs. You will validate submissions, communicate with clients and researchers, and handle incident response for high-severity bugs. This role requires strong knowledge of OWASP Top Ten vulnerabilities and proficiency in at least one scripting/development language. Bugcrowd offers a unique opportunity to work on hundreds of security programs, learn cutting-edge methodologies, and collaborate with top security researchers. The position is fully remote and based in the United Kingdom.

Requirements

• Bachelor’s degree or previous security consulting experience
• Published and demonstrated passion for security assessment research
• High proficiency with Burp Suite (or any other interception proxy) and a working level of experience with other industry standard tools (nmap, sqlmap, anything included in Kali Linux)
• Ability to execute on individual projects but still contribute to the team
• Ability to complete tasks on time
• Strong organization, influencing, and communication skills

Responsibilities

• Triage and validate submissions for Bugcrowd managed programs
• Curate incoming submission data for validity, accuracy, and severity
• Communicate directly with Bugcrowd’s clients or researchers when additional information is required
• Handle Incident Response – escalating and communicating about the highest severity bugs to clients
• Possess strong knowledge of OWASP Top Ten type vulnerabilities
• Possess a strong skill set in one scripting/development language, often to assist with the design or development of tooling for improving the triage/validation process

Preferred Qualifications

Experience with various security programs (cars, IoT devices, embedded systems, mobile applications)

Benefits

Remote work, work-from-home 100% of the time