Product Security Analyst, India - HackerOne India Bookmark Share Print 196 0 1

Listing Description

HackerOne is looking for security-minded, customer-service oriented individuals to join the team responsible for HackerOne’s Fully Managed service offering. You will be responsible for vetting security vulnerability reports from some of the world's best hackers being submitted to Fortune 500 and other companies as part of their bug bounty programs. You will have the opportunity to work with some of the best hackers in the world and the security teams behind some of the most competitive bug bounty programs, gaining hands-on experience with thousands of vulnerabilities unique to HackerOne's customers.

The ideal candidate will be a self-starter, a problem solver, a great communicator, and detail oriented.

This role requires that you have both excellent communication skills to serve as the glue between the hacker community and companies running bug bounty programs, as well as the technical capacity to ensure every bug report is reproducible and provides value to each customer. This job reports into the Director of Technical Services and must be based in India.

#LI-Remote
#LI-EG1

Your Journey at HackerOne
  • Review incoming vulnerability reports and reproduce issues, assessing the severity and impact of each issue within the context of each organization’s threat model
  • Work with hackers to identify missing information in reports, as well as help educate the community when reports are incorrect
  • Write a brief summary for each report, including clear reproduction steps, the impact of the issue, and remediation advice
  • Coordinate with our Customer Success team and customers to ensure smooth triage workflows for any programs you work with
  • Ensure clear and efficient communication between hackers and customers
  • Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success

  • Who You Are
  • Top notch communication skills: need to be able to firmly, yet politely, respond to non-issues, as well as identify legitimate issues and communicate them to security teams in an easy to understand format
  • Strong technical knowledge around web application security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk
  • In-depth knowledge of security fundamentals, including OWASP Top 10 and other common application security vulnerabilities. The Web Application Hacker’s Handbook is a great resource to be familiar with.
  • Familiarity with and ability to calculate CVSS ratings for identified vulnerabilities based on an understanding of each customer’s threat model.
  • Familiar with vulnerability disclosure and bounty programs, including: report formatting and content, confidentiality and disclosure processes, the importance of clear and quick communication between hackers and customers, program policies, etc.
  • Ability to prioritize and organize operationally complex work, with great attention to detail
  • English fluency
  • HackerOne is a digital first company, and all employees must be able to work and excel in a remote environment
  • Employment at HackerOne is contingent on a background check.

    HackerOne is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

    This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

    HackerOne Value
    HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.

    What We Do
    HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's AttackResistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Yahoo. In 2021, HackerOne was named as a ‘brand that matters’ by Fast Company.

    HackerOne is Digital First
    Our work is optimized for asynchronous collaboration, knowledge management, and decision-making. HackerOne is creating an industry, and to do that, we must employ the most creative, forward-thinking distributed talent in the market. Our remote model allows employees to contribute to our mission while providing time and location flexibility which are core elements to a healthy relationship between professional and personal pursuits.


    Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided



    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765