Security Analyst, Americas (Weekend Hours)
US or Canada
Applications have closed
HackerOne
Reduce the risk of a security incident by working with the world’s largest community of trusted ethical hackers. HackerOne offers bug bounty, VDP, security assessments, attack surface management, and pentest solutions.
HackerOne is looking for security-minded, customer-service oriented individuals to join the team supporting HackerOne’s Fully Managed triage service offering. You will be responsible for vetting security vulnerability reports from some of the world's best hackers being submitted to Fortune 500 and other companies as part of their bug bounty programs. You will have the opportunity to work with some of the best hackers in the world and the security teams behind some of the most competitive bug bounty programs, gaining hands-on experience with thousands of vulnerabilities unique to HackerOne's customers.
The ideal candidate will be a self-starter, a problem solver, a great communicator, and detail oriented.
This role requires that you have both excellent communication skills to serve as the glue between the hacker community and companies running bug bounty programs, as well as the technical capacity to ensure every bug report is reproducible and provides value to each customer.
This role will work Continuity team hours, which provide triage support services on Saturdays and Sundays to elite programs with weekend coverage requirements. The remaining days of your 5-day work week will be arranged with the team's manager. This role reports into a Senior Manager who is based in Texas, but can be performed from anywhere within the United States or Canada.
HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.
What We Do
HackerOne empowers the world to build a safer internet by giving organizations access to the largest, global community of highly skilled ethical hackers. Armed with an extensive database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Yahoo. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020.
Your Journey at HackerOne
- Review incoming vulnerability reports and reproduce issues, assessing the severity and impact of each issue within the context of each organization’s threat model
- Work with hackers to identify missing information in reports, as well as help educate the community when reports are incorrect
- Write a brief summary for each report, including clear reproduction steps, the impact of the issue, and remediation advice
- Coordinate with our Customer Success team and customers to ensure smooth triage workflows for any programs you work with
- Ensure clear and efficient communication between hackers and customers
- Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success
Who You Are
- Top-notch communication skills: need to be able to firmly, yet politely, respond to non-issues, as well as identify legitimate issues and communicate them to security teams in an easy-to-understand format
- Strong technical knowledge around web application security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk
- In-depth knowledge of security fundamentals, including OWASP Top 10 and other common application security vulnerabilities. The Web Application Hacker’s Handbook is a great resource to be familiar with
- Familiarity with and ability to calculate CVSS ratings for identified vulnerabilities based on an understanding of each customer’s threat model
- Familiarity with vulnerability disclosure and bounty programs, including: report formatting and content, confidentiality and disclosure processes, the importance of clear and quick communication between hackers and customers, program policies, etc.
- Ability to prioritize and organize operationally complex work on quiet but busy weekend days, with great attention to detail
- English fluency
Tags: Application security CVSS GitHub OWASP Vulnerabilities
Perks/benefits: Career development