Product Security Analyst

Job Category: Technology and IT
Job Type: Full Time
Job Location: USA
Company Name: HackerOne

Company Overview

HackerOne is the global leader in human-powered cybersecurity, combining the ingenuity of the world’s largest community of ethical hackers with advanced AI to safeguard your digital assets. Our platform leverages this expert community and the industry’s most comprehensive vulnerability database to identify critical security gaps across your entire attack surface.

HackerOne’s suite of integrated solutions—including bug bounty programs, penetration testing, code security audits, spot checks, and AI red teaming—enables continuous vulnerability discovery and management throughout the software development lifecycle.

Trusted by some of the world’s most prominent organizations, including Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne continues to set the standard for security excellence. Recognized as a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024, HackerOne is where innovation and impact come together.

What You’ll Do

  • Review and assess vulnerability reports submitted by hackers to validate findings, and evaluate their risk and severity to HackerOne clients.
  • Collaborate with researchers to clarify missing details, provide guidance, and educate community members when submissions are deemed invalid.
  • Draft detailed technical summaries for valid reports, clearly outlining impact, reproduction steps, and remediation recommendations.
  • Facilitate clear and effective communication between security researchers and customers to ensure smooth resolution of vulnerabilities.
  • Take a proactive approach to identifying and solving issues, responding efficiently to assigned tasks. As part of a distributed team, a collaborative mindset is key to our success.
  • Evaluate findings against program policies, scope, and potential impact to determine report validity.
  • Independently reproduce valid vulnerabilities in a test environment and deliver well-documented technical assessments.

Minimum Qualifications

  • Prior experience in vulnerability disclosure or bug bounty programs (experience managing a bug bounty program is a plus).
  • Practical experience conducting security testing or ethical hacking on web and mobile applications.
  • Strong understanding of OWASP Top 10 vulnerabilities and common application security risks.
  • Proficiency with tools such as Burp Suite for security testing.
  • Strong written and verbal communication skills with the ability to explain technical concepts clearly.
  • Familiarity with vulnerability scoring systems such as CVSS.
  • Self-driven, highly organized, and able to manage workload while maintaining consistent operational performance.
  • Fluent in English.

Compensation Ranges

  • San Francisco, CA: $128K – $144K + Equity
  • Seattle, Austin, Washington D.C. area: $115K – $130K + Equity

Benefits

  • Comprehensive health benefits, including medical, vision, dental, life, and disability insurance*
  • Equity stock options
  • Retirement savings plans
  • Paid public holidays and unlimited paid time off (PTO)
  • Paid maternity and parental leave
  • Leaves of absence (including caregiver leave and leave under Colorado’s Healthy Families and Workplaces Act)
  • Employee Assistance Program (EAP)
  • Flexible Work Stipend