Remote Product Security Analyst

Summary

Join our Technical Services team as a Security Analyst and gain hands-on technical experience while delivering high-impact vulnerabilities to top bug bounty programs.

Requirements

• Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required)
• Hands-on experience doing security testing or ethical hacking on web and mobile applications
• Strong technical knowledge of OWASP top 10
• Comfortable using security testing tools including Burpsuite
• Excellent written and verbal communication skills
• Experience using frameworks such as CVSS
• Self-motivated and able to manage your time and energy output while maintaining a consistent and sustainable operational rhythm
• English fluency

Responsibilities

• Evaluate assigned vulnerability reports submitted by hackers to determine the validity, risk and severity to HackerOne customers
• Collaborate with hackers to address missing information from reports as well as educate the HackerOne community members when reports are invalid
• Compose a technical summary for each valid report that includes clear and concise details regarding the impact, steps to reproduce and remediation advice
• Ensure clear and efficient communication between hackers and customers
• Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success
• Assess vulnerability findings and determine whether the submission is valid based on program policies, scope and impact
• Independently reproduce reported vulnerabilities in a test environment and compose a technical summary for valid findings

Benefits

Remote work, flexible hours