As Twitter’s bug bounty leader, you will be responsible for ensuring the success of our program. You will leverage deep and practical knowledge in security and project management to ensure efficient and effective operations of Twitter’s bug bounty program.
What You’ll do:
- Identifying, measuring, and executing on indicators of success for Twitter’s bug bounty program
- Ensuring operational success of the program, including triage rotation to execute on key deliverables
- Ensuring Twitter consistently meets SLAs such as:
  - response time to hackers on reported vulnerabilities
  - time to bounty after confirmation of the issue
  - time to remediation of reported vulnerabilities
- Identifying and expanding the scope of the program
- Accepting and incorporating feedback from (and developing a healthy relationship with) the bug bounty community
- Leading vulnerability management efforts on issues identified via the program
- Identifying and calibrating budget for the program
- Working with executive leadership and other parts of to report on the results of the program and ensure continued buy-in
- Interfacing with and coordinating third-party triage services for front-line bug triage
You will meet most (but need not meet all) of the following points:
- 2+ years of application security experience, with an understanding of security fundamentals and common vulnerabilities (e.g. OWASP Top Ten)
- 2+ years of security consulting experience
- Outstanding communicator with empathy for researchers to strike the right balance. You need to be an advocate for friendly hackers, but also appropriately influence and push back when needed to help hackers be successful.
- Ability to take feedback from hackers and translate to action items for our bug bounty team
- Extremely organized with strong project management experience
- Detail oriented, results driven, fast learner
- A strong sense of urgency and bias for action
- A passion for solving problems, both for hackers and internal teams at
- A great team player
The ideal candidate will meet several of the following:
- Vulnerability assessment experience
- Penetration testing and code review
- Additional experience in IT, security engineering, system and network security, authentication and security protocols, and applied cryptography
- Scripting/programming skills (e.g., Python, Ruby, Java, JS, etc.)
- Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Program/Project management experience (Strongly preferred)
To apply for this job please visit careers.twitter.com.