HackerOne needs someone to lead the design, execution, and continuous improvement of high-impact live security testing programs to address the increasing need for offensive security in a rapidly evolving threat landscape.
Requirements
- 7+ years in offensive security, vulnerability research, application security, or technical security delivery.
- Deep understanding of the bug bounty landscape, vulnerability lifecycle management, and researcher engagement dynamics.
- Strong technical skills in identifying, validating, and reproducing vulnerabilities across web, mobile, cloud, and modern application stacks.
- Demonstrated experience leading strategic enterprise customer-facing technical programs and managing escalations with enterprise clients.
- Proven success guiding internal and external teams through live delivery, incident response, or high-pressure program moments.
- Familiarity with tooling like Burp Suite, ZAP, Caido, or similar; comfortable with CVSS and alternative impact/risk scoring methodologies.
- Working knowledge of scripting or coding (Python, Bash, etc.) to create point-in-time solutions or automation.
Responsibilities
- Own end-to-end technical delivery of Live Hacking Events, including planning, scoping, coordination, technical oversight, and post-engagement analysis.
- Lead technical discussions with customers and internal stakeholders to define testing scope, reward structures, triage expectations, and researcher engagement strategy.
- Guide internal and external teams on best practices for vulnerability validation, prioritization, and communication.
- Oversee the live vulnerability assessment workflow and partner with customer and triage leadership to ensure accurate and timely validation of findings.
- Proactively identify and resolve engagement risks (technical, operational, or interpersonal) to ensure delivery excellence.
- Develop point-in-time tools, workflows, or automation to improve triage, researcher enablement, and vulnerability lifecycle efficiency as they relate to the live hacking program.
- Propose and develop automation or scripting solutions to address operational bottlenecks or novel problem sets live, as they relate to the live hacking program and quality deliverables.
Other
- Excellent verbal and written communication, including the ability to explain complex technical issues to non-technical stakeholders.
- Strong documentation, prioritization, and reporting skills.
- Experience participating in or managing bug bounty programs (e.g., HackerOne, Bugcrowd, Intigriti).
- Deep appreciation of both the hacker mindset and product security challenges.
- Knowledge of budgeting, pacing, and operational metrics in customer-facing testing engagements.