Junior Offensive Security Engineer

Hostinger International
Summary
Join Hostinger as a Junior Offensive Security Engineer and proactively secure our products by testing new features and managing vulnerability disclosure channels. You will act as a critical link between development and security teams, validating vulnerabilities, triaging reports, and ensuring timely remediation. Contribute to the bug bounty program, collaborating with external researchers and improving product security. Responsibilities include responding to vulnerability submissions, validating reports, triaging issues, conducting security testing, creating reports, and working with engineering and product teams. You will also develop internal tooling and contribute to knowledge sharing. The role requires a good understanding of web vulnerabilities, 1+ years of experience in security testing, and solid manual testing abilities. Excellent communication and analytical skills are essential.
Requirements
- Good understanding of common web vulnerabilities (e.g., OWASP Top 10)
- 1+ years of experience in security testing, bug bounty, or vulnerability triage roles
- Solid ability to manually identify and verify security issues using tools like Burp Suite, browser dev tools, etc.
- Excellent analytical and critical thinking skills; able to separate noise from high-impact issues
- Basic scripting or automation skills (e.g., Python, Bash) to support validation tasks
- Good communication skills and an ability to work across security, engineering, and product teams
- Familiarity with bug bounty platforms (HackerOne, Bugcrowd) and their workflows
- Proficiency with Linux command-line tools
- Curious mindset and a strong eagerness to learn and grow in offensive security
- Strong written English and clear documentation habits
Responsibilities
- Respond to Responsible Disclosure and HackerOne submissions from external researchers
- Validate and reproduce vulnerability reports and assess their potential impact
- Triage and escalate confirmed issues to internal product teams
- Conduct manual security testing of new features prior to release
- Maintain monthly reports summarizing submitted vulnerabilities and trends
- Test new features and services manually for common vulnerabilities (e.g., XSS, IDOR, auth issues) before deployment
- Reproduce and validate vulnerabilities submitted via the HackerOne platform
- Assess the severity and exploitability of findings and draft clear escalation tickets for internal teams
- Communicate effectively with external researchers, ensuring timely responses and status updates
- Work with engineering and product teams to understand features under development and proactively test them for security flaws
- Track open vulnerability reports and assist in verifying applied fixes
- Develop and maintain lightweight internal tooling or scripts to support testing workflows
- Create monthly metrics and insights reports on vulnerability submissions, researcher activity, and triage timelines
- Contribute to knowledge sharing by documenting findings, impact, and remediation paths
Preferred Qualifications
- Prior experience as a HackerOne program triager or as a bug bounty researcher
- Understanding of CVSS or other risk-rating methodologies
- Knowledge of CI/CD pipelines and how new features are released
- Understanding of modern authentication mechanisms (OAuth, JWT, SSO) and common pitfalls
- Ability to read code or understand source logic at a basic level (e.g., JavaScript, PHP, or Go)
- Security certifications like eJPT, OSCP (or progress toward one) are a plus, but not required
Benefits
- We provide limitless learning opportunities: access to platforms like Reforge and CoachHub, global conferences, physical and digital libraries, feedback culture, and mentoring through TesoXchange
- Advance your career with internal mobility and grow with a team eager to share knowledge and support your success
- Work on your terms: from modern offices in Kaunas and Vilnius, the comfort of home, or anywhere in the world
- Enjoy flexibility in managing your schedule and bring your ideas to life in a fast-paced, dynamic environment
- Your health comes first with insurance from Day 1, gym memberships, recharge leave, and regular health checks
- Join sports, arts, and hobby clubs or simply enjoy the balance of a lifestyle that prioritizes wellness
- Recognize hard work with company events like Summerfest & Winterfest, Town Hall, Meet the Client initiatives, team-buildings, and workations
- Enjoy access to the Žalgiris Arena VIP Lounge and celebrate life’s big moments with milestone gifts for weddings, new parenthood, and graduations