Product Security Analyst

Summary

Join HackerOne's Technical Services team as a Security Analyst and gain hands-on experience evaluating vulnerability reports from the world's best hackers. You will collaborate with hackers, compose technical summaries, ensure clear communication, and proactively solve issues. This role requires excellent communication, technical knowledge (including OWASP Top 10 and security testing tools), and experience with vulnerability disclosure and bug bounty. The position is remote and based in the US or Canada, offering flexibility in time and location. Compensation includes equity and falls within specified salary bands depending on tier.

Requirements

• Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required)
• Hands-on experience doing security testing or ethical hacking on web and mobile applications
• Strong technical knowledge of OWASP top 10
• Comfortable using security testing tools including Burpsuite
• Excellent written and verbal communication skills
• Experience using frameworks such as CVSS
• Self-motivated and able to manage your time and energy output while maintaining a consistent and sustainable operational rhythm
• English fluency
• Must be based remotely in US or Canada

Responsibilities

• Evaluate assigned vulnerability reports submitted by hackers to determine the validity, risk and severity to HackerOne customers
• Collaborate with hackers to address missing information from reports as well as educate the HackerOne community members when reports are invalid
• Compose a technical summary for each valid report that includes clear and concise details regarding the impact, steps to reproduce and remediation advice
• Ensure clear and efficient communication between hackers and customers
• Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success
• Assess vulnerability findings and determine whether the submission is valid based on program policies, scope and impact
• Independently reproduce reported vulnerabilities in a test environment and compose a technical summary for valid findings

Preferred Qualifications

Experience managing a bug bounty program

Benefits

• $116K – $131K • Offers Equity
• $105K – $118K • Offers Equity
• $99K – $112K • Offers Equity
• CA$80K – CA$90K • Offers Equity
• Remote work, flexible hours