Product Security Analyst

Summary

Join HackerOne's Triage Events team as a Security Analyst for Live Hacking Events. Gain hands-on experience evaluating vulnerability reports from top hackers, collaborating to understand complex vulnerabilities, and ensuring clear communication. You will reproduce vulnerabilities, write technical summaries, and thrive in a collaborative environment. This remote position, based in Washington, D.C. or London, UK, requires excellent communication, strong technical skills, and experience in security testing. Occasional in-person meetings are required. The role offers competitive compensation and a comprehensive benefits package.

Requirements

• 3+ years of experience doing security testing or ethical hacking on web and mobile applications
• Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required)
• Strong technical knowledge of OWASP top 10
• Comfortable using security testing tools including Burpsuite
• Excellent written and verbal communication skills
• Experience using frameworks such as CVSS
• Ability and willingness to travel globally at least 3-5 times a year
• Self-motivated and able to manage your time and energy output while maintaining a consistent and sustainable operational rhythm
• English fluency

Responsibilities

• Evaluate vulnerability reports submitted by hackers to determine the validity, risk and severity to HackerOne customers
• Collaborate with hackers to understand complex chained vulnerabilities that will grow your skills daily
• Ensure clear and efficient communication between hackers, customers and other team mates
• Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success
• Independently reproduce reported vulnerabilities in a test environment and compose a technical summary for valid reports that includes clear and concise details regarding the impact, steps to reproduce and remediation advice
• Thrive in a collaborative collective environment where hackers, customers and security analysts have the best experience
• Self-motivated interest in emerging technologies and their impact on securing the digital world

Benefits

• Health (medical, vision, dental), life, and disability insurance
• Equity stock options
• Retirement plans
• Paid public holidays and unlimited PTO
• Paid maternity and parental leave
• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
• Employee Assistance Program
• Flexible Work Stipend