
Product Security Analyst

HackerOne is the global leader in human-powered security, harnessing the creativity of the world’s largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.

Position Summary

HackerOne is seeking a dynamic individual with a passion for Information Security to join our Technical Services team. As a Security Analyst, you will gain hands-on technical experience and exposure to some of the world’s best hackers while delivering high-impact vulnerabilities to the top bug bounty programs in the industry.  

This role requires excellent communication skills, intellectual curiosity and drive to acquire the technical skills you’ll need to ensure every valid bug report is reproducible and provides value to HackerOne customers. 

For AMER: This job reports to a Manager in-region and can be based anywhere within the United States or Canada.

What You Will Do

  • Evaluate assigned vulnerability reports submitted by hackers to determine the validity, risk and severity to HackerOne customers

  • Collaborate with hackers to address missing information from reports as well as educate the HackerOne community members when reports are invalid

  • Compose a technical summary for each valid report that includes clear and concise details regarding the impact, steps to reproduce and remediation advice

  • Ensure clear and efficient communication between hackers and customers

  • Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success

  • Assess vulnerability findings and determine whether the submission is valid based on program policies, scope and impact.

  • Independently reproduce reported vulnerabilities in a test environment and compose a technical summary for valid findings.

Minimum Qualifications  

  • Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required)

  • Hands-on experience doing security testing or ethical hacking on web and mobile applications

  • Strong technical knowledge of OWASP top 10

  • Comfortable using security testing tools including Burp Suite

  • Excellent written and verbal communication skills

  • Experience using frameworks such as CVSS

  • Self-motivated and able to manage your time and energy output while maintaining a consistent and sustainable operational rhythm

  • English fluency

  • This role works on a weekday schedule from Monday-Friday.

  • Must be based remotely in US or Canada. HackerOne is a digital-first company. This model offers our employees flexibility in time and location. All employees must be able to work and excel in a remote environment.

Preferred Qualifications

  • Experience managing a bug bounty program

Compensation Bands:
Tier Guide

Tier A

$116K – $131K • Offers Equity

Tier B

$105K – $118K • Offers Equity

Tier C

$99K – $112K • Offers Equity

Canada

CA$80K – CA$90K • Offers Equity


We are a Circle Back Initiative Employer and commit to responding to every applicant.

We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

Employment at HackerOne is contingent on a background check.

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

HackerOne Values

HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.

HackerOne Glassdoor Company Review: 4.5
HackerOne DE&I Review: 3.9
CEO of HackerOne: Marten Mickos

Average salary estimate

$115,000 / yearly (est.)
Min: $99,000
Max: $131,000

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Product Security Analyst, HackerOne

Are you passionate about information security and looking to dive deep into the world of vulnerability management? HackerOne is inviting you to step into the role of Product Security Analyst! As a key member of our Technical Services team, you will engage with some of the most skilled hackers in the industry, gaining hands-on experience while addressing critical security flaws for our esteemed clients ranging from Coinbase to the U.S. Department of Defense. Your day-to-day responsibilities will include evaluating vulnerability reports, collaborating with hackers for clarity, and crafting detailed summaries for each valid report to ensure our customers receive top-notch service. You'll thrive in a remote-first environment, bringing your self-motivation and time management skills to connect hackers with clients effectively. Not only will you assess the risk and severity of vulnerabilities, but you will also independently reproduce findings and engage in meaningful communication with the HackerOne community. If you possess strong technical knowledge, experience in security testing, and excellent communication skills, we're excited to hear from you. The flexibility of a digital-first model paired with our commitment to growth and innovation makes HackerOne an incredible place to advance in your career as a Product Security Analyst. Join us and be part of a respected workplace that has been recognized for fostering innovation and supporting young professionals!

Frequently Asked Questions (FAQs) for Product Security Analyst Role at HackerOne
What are the responsibilities of a Product Security Analyst at HackerOne?

As a Product Security Analyst at HackerOne, your responsibilities include evaluating vulnerability reports, collaborating with security researchers for clarity, and creating detailed summaries for each valid report. You will also ensure effective communication between hackers and customers, proactively resolve issues, and independently reproduce reported vulnerabilities to assess their validity.

What qualifications are required for the Product Security Analyst position at HackerOne?

To qualify for the Product Security Analyst role at HackerOne, candidates should have proven experience with vulnerability disclosure, strong hands-on skills in security testing or ethical hacking, and familiarity with the OWASP Top 10. Excellent communication skills, CVSS framework experience, and the ability to work effectively in a remote environment are also essential.

What skills are important for a successful Product Security Analyst at HackerOne?

Success as a Product Security Analyst at HackerOne requires strong technical knowledge, particularly in vulnerability disclosure and security testing tools like Burp Suite. Additionally, excellent written and verbal communication skills, as well as self-motivation and effective time management, are critical to thrive in this role.

How does HackerOne support the growth of a Product Security Analyst?

HackerOne is committed to fostering an inclusive and innovative culture, which directly supports the growth of a Product Security Analyst. You will gain hands-on technical experience, exposure to some of the world's best hackers, and the chance to engage in continuous learning through collaboration and sharing insights within our extensive community of experts.

What is the work environment like for a Product Security Analyst at HackerOne?

As a Product Security Analyst at HackerOne, you will work in a digital-first, remote environment that encourages flexibility and autonomy. The company values collaboration regardless of physical location, making it paramount for team members to effectively communicate and solve problems collectively to drive success.

Common Interview Questions for Product Security Analyst
What experience do you have with vulnerability disclosure?

In answering this question, provide specific examples of your experience with vulnerability reporting. Highlight any bug bounty programs you've worked on and how you approached evaluating and addressing security vulnerabilities.

How do you ensure clear communication with both hackers and clients?

Discuss your strategies for maintaining open lines of communication, such as regular check-ins and utilizing concise language to bridge the technical gap between hackers and clients. Mention instances where effective communication led to successful resolutions.

Can you explain the OWASP Top 10 and its relevance?

Here, explain the OWASP Top 10 as a list of the most critical security risks to web applications. Share your understanding of how familiarity with these risks aids in assessing vulnerability severity and helps you communicate effective remediation strategies.

What tools do you use for security testing?

Be ready to talk about specific tools you're comfortable with, such as Burp Suite or other security scanning tools. Emphasize how you’ve applied these tools in prior roles to uncover vulnerabilities and improve overall security posture.

Describe a challenging vulnerability you assessed and how you handled it.

Choose a specific case that showcases your problem-solving skills. Detail the process you undertook to assess the vulnerability, what steps were taken to validate it, and how you ultimately communicated the finding to both the hacker and the client.

How do you stay updated with the latest security trends and vulnerabilities?

Mention any industry publications, online communities, or conferences you follow to stay informed. Discuss how you leverage this knowledge to enhance your skills and provide value in your role as a Product Security Analyst.

What is your process for reproducing a reported vulnerability?

Describe your systematic approach to reproducing vulnerabilities, emphasizing attention to detail and thorough testing. Share an example of a time when this process led to a significant finding or insight.

How do you manage your time and prioritize tasks in a remote environment?

Provide examples of time management techniques or tools that you use to keep yourself organized. Discuss how you remain self-motivated and ensure that you meet deadlines while delivering high-quality work.

In your opinion, what makes a successful bug bounty program?

Explain your understanding of the essential components of a successful bug bounty program, such as clear scope definitions, responsiveness to hackers, and effective reward mechanisms. Relate this knowledge to your experience and how you can help elevate HackerOne's programs.

How do you handle constructive criticism from peers or clients?

Emphasize your openness to feedback and desire for continuous improvement. Share examples of how you’ve received criticism, used it to enhance your skills or communication, and ultimately benefited from that experience.


HackerOne is a leading cybersecurity platform that connects businesses with penetration testers and cybersecurity researchers. HackerOne's customers include the U.S. Department of Defense, Google, GitHub, Microsoft, Nintendo and more.

Employment type: Full-time, remote
Date posted: December 3, 2024
