HackerOne is looking for security-minded, customer-service oriented individuals to help lead up the newly formed HackerOne Fully Managed service offering. You will be responsible for vetting security vulnerability reports from some of the world's best hackers being submitted to Fortune 500 and other companies as part of their bug bounty programs. You will have the opportunity to work with some of the best hackers in the world and the security teams behind some of the most competitive bug bounty programs, gaining hands-on experience with thousands of vulnerabilities unique to HackerOne's customers.
This role requires that you have both excellent communication skills to serve as the glue between the hacker community and companies running bug bounty programs, as well as the technical capacity to ensure every bug report is reproducible and provides value to each customer.
This job is remote and can be performed from anywhere in the world.
HackerOne connects companies and the hacker community to build a safer Internet. HackerOne powers the leading vulnerability coordination platform, tapping into the power of the hacker community to reveal live vulnerabilities that require a company's immediate attention. Vulnerabilities surfaced by hackers help protect a company's brand and its users' information and data. With over 500 companies and more than 3,000 actively rewarded hackers, HackerOne has the world's largest platform and community of its kind.
As a company, we believe in transparency, trust, collaboration and community. We work together to make our customers successful, and act with a sense of urgency in our work. We believe in the positive power of hackers.
The ideal candidate will be a self-starter, a problem solver, a great communicator, and detail oriented.
- Validate and reproduce incoming vulnerability reports
- When reports are not sufficiently clear, follow up with the submitting hacker to clarify
- Write a brief summary for each validated report, including the impact of the issue, along with step-by-step instructions on how to easily reproduce the vulnerability
- Independently manage and operationalize your workflow to ensure efficient and effective results
- Top-notch communication skills: need to be able to firmly, yet politely, respond to non-issues, as well as identify legitimate issues and communicate them to security teams in an easy-to-understand format
- Strong technical knowledge around mobile and application security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk
- In-depth knowledge of OWASP Top 10 and other common application security vulnerabilities
- Familiar with best practices around vulnerability disclosure programs, including: report formatting and content, confidentiality agreements, SLAs around response time, etc.
- Ability to prioritize and organize operationally complex work, with great attention to detail to ensure nothing is dropped and that SLAs are maintained
- Comfortable working under pressure, ability to remain calm and professional when encountering disagreements
- Understanding security fundamentals and common vulnerabilities (e.g. OWASP Top 10)
- 1-3+ years of application security experience
Big plus if you have any of the below:
- Vulnerability assessment experience
- Penetration testing and code review
- 1-2+ years of security consulting experience
- 1+ years customer service experience
- Additional experience in IT, security engineering, system and network security, authentication and security protocols, and applied cryptography
- Scripting/programming skills (e.g., Python, Ruby, Java, JS, etc.)
- Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Federal and industry regulations understanding (e.g., PCI, SOX, GLBA, ISO 17799, HIPAA, CA1386)
- CISSP, OSCP/E, GWAPT, GPEN, GXPN certification is helpful, but not a necessity
* Unlimited Vacation Policy
* Flexible Work Hours
* Gym / Commuter
* Food & Snacks! IMPORTANT!
Apply via this link only: