HackerOne is looking for a Senior Security Analyst to join our Technical Services team in India. In this role, you will be responsible for ensuring the technical accuracy, quality, and consistency of our triage services while mentoring other analysts. You will take ownership of complex vulnerabilities and lead triage operations for key customer programs.
What You'll Do
- Evaluate vulnerability reports submitted by hackers to determine their validity, severity, and relevance.
- Take ownership of complex and high-priority reports, ensuring accurate reproduction, impact assessment, and remediation guidance.
- Collaborate with hackers and customers to drive clarity in communication and facilitate effective vulnerability resolution.
- Mentor and support junior analysts by sharing expertise and guiding through complex reproductions.
- Lead triage operations for select high-value or critical customer programs, ensuring SLAs, quality metrics, and customer satisfaction targets are met.
- Upskill team members on emerging attack vectors, tools, and best practices through internal training sessions.
- Work across multiple tech stacks (web, mobile, APIs, cloud, etc.), ensuring technical excellence across diverse vulnerability reports.
- Identify process improvements and contribute to internal projects aimed at enhancing triage workflows, tooling, and efficiency.
- Proactively assist in backlog management, quality control, and escalation handling for critical vulnerabilities.
- Act as a technical point of contact for program-specific escalations and process clarifications.
What We're Looking For
- 5+ years of hands-on experience in application security, security testing, or ethical hacking across web, mobile, and/or cloud environments.
- Experience leading high profile customers.
- Strong understanding of OWASP Top 10 and deep technical knowledge of various vulnerability classes.
- Proven experience triaging, reproducing, or responding to vulnerability reports (bug bounty or VDP).
- Proficiency with tools such as Burp Suite, browser developer tools, and command-line utilities for testing and reproduction.
- Demonstrated ability to handle and break down complex vulnerability reports.
- Strong written and verbal communication skills to effectively collaborate with hackers and customers.
- Experience using vulnerability classification frameworks like CVSS or VEX.
- Proven ability to mentor or lead peers or junior analysts in a team setting.
- Self-motivated and organized; able to handle dynamic workloads and shifting priorities.
- Comfortable leading customer-facing triage workflows and discussions.
- Fluent in English.
- Ready to work in EMEA shift / flexible shifts.
Nice to Have
- Experience leading or managing security programs (VDPs or bug bounty).
- Exposure to cloud platforms (AWS, GCP, Azure) and relevant security implications.
- Familiarity with scripting or automation (Python, Bash, etc.) for security tooling or data handling.
- Previous experience in mentoring or team leadership roles in security teams.
Technical Stack
- Burp Suite
- Browser developer tools
- Command-line utilities
- AWS, GCP, Azure
- Python, Bash
Team & Environment
You will be part of the Technical Services team, focusing on high-quality vulnerability triage and analyst mentorship.
Benefits & Compensation
- Health (medical, vision, dental), life, and disability insurance
- Equity stock options
- Retirement plans
- Paid public holidays and unlimited PTO
- Paid maternity and parental leave
- Leaves of absence (including caregiver leave)
- Employee Assistance Program
- Flexible Work Stipend
- Compensation: INR 3,064,000 to 3,447,000 annually
Work Mode
This is an onsite position located in Pune, India.
HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic.
