Product Security Analyst (Triage)

HackerOne is the global leader in human-powered security, harnessing the creativity of the world's largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.

HackerOne Values

HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability.

HackerOne is seeking a dynamic individual with a passion for Information Security to join our Technical Services team. As a Security Analyst, you will gain hands-on technical experience and exposure to some of the world's best hackers while delivering high-impact vulnerabilities to the top bug bounty programs in the industry.

This role requires excellent communication skills, intellectual curiosity and drive to acquire the technical skills you'll need to ensure every valid bug report is reproducible and provides value to HackerOne customers.

At HackerOne, we embrace a Flexible Work approach, enabling our team members to work remotely while maintaining productivity and collaboration. We are seeking candidates located in San Francisco, CA; Seattle, WA; Austin, TX; Washington, DC; and the surrounding metropolitan areas, to facilitate occasional in-person interactions as needed. While the position is primarily remote, there will be periodic in-person requirements to support team collaboration and foster stronger connections. This approach ensures flexibility while providing opportunities to build meaningful in-person relationships that strengthen our team and company culture.

• Evaluate assigned vulnerability reports submitted by hackers to determine the validity, risk and severity to HackerOne customers

• Collaborate with hackers to address missing information from reports as well as educate the HackerOne community members when reports are invalid

• Compose a technical summary for each valid report that includes clear and concise details regarding the impact, steps to reproduce and remediation advice

• Ensure clear and efficient communication between hackers and customers

• Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success

• Assess vulnerability findings and determine whether the submission is valid based on program policies, scope and impact.

• Independently reproduce reported vulnerabilities in a test environment and compose a technical summary for valid findings.

• Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required)

• Hands-on experience doing security testing or ethical hacking on web and mobile applications

• Strong technical knowledge of OWASP top 10

• Comfortable using security testing tools including Burpsuite

• Excellent written and verbal communication skills

• Experience using frameworks such as CVSS

• Self-motivated and able to manage your time and energy output while maintaining a consistent and sustainable operational rhythm

• English fluency

Compensation Bands:

$128K - $144K * Offers Equity

$115K - $130K * Offers Equity

#LI-Remote

#LI-HM1

• Health (medical, vision, dental), life, and disability insurance*

• Equity stock options

• Retirement plans

• Paid public holidays and unlimited PTO

• Paid maternity and parental leave

• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)

• Employee Assistance Program

• Flexible Work Stipend

*Eligibility may differ by country

We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

Employment at HackerOne is contingent on a background check.

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

Compensation Range: $115K - $144K