HackerOne is the global leader in human-powered security, harnessing the creativity of the world’s largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.
Candidates will need to be based out of Pune, India.
As a Triage Analyst at HackerOne, you will be the first point of contact for incoming vulnerability reports. Your role will focus on the initial intake, evaluation, and assignment of these reports, ensuring they are directed to the appropriate triage team members for further analysis. This position is ideal for someone with foundational knowledge of security vulnerabilities who is eager to develop their expertise in vulnerability triage.
Initial Intake: Receive and process incoming vulnerability reports, ensuring that all necessary information is included before passing them on to the triage team.
Preliminary Assessment: Conduct an initial assessment of the reports to identify obvious false positives and ensure they align with the program’s scope.
Collaboration: Work closely with the triage team to ensure smooth handoff and follow-up on any required additional information from hackers.
Documentation: Assist in maintaining accurate records of report intake and initial findings, supporting the team in tracking and prioritizing reports.
Communication: Provide clear and concise communication with hackers regarding the status of their submissions and any missing details required for further evaluation.
Continuous Learning: Stay updated on the latest security trends and vulnerabilities to enhance your understanding and support your growth within the triage team.
Validation: Responsible for validating quick wins, including redundant or basic vulnerabilities, ensuring they are efficiently and accurately assessed due to their ease and speed of validation.
1+ years of experience working on vulnerability disclosure and bug bounty programs.
1+ years of experience of web application security testing
Basic web and mobile application security understanding, including familiarity with the OWASP Top 10.
Experience using basic security testing tools (e.g., Burpsuite).
Strong attention to detail and ability to follow procedures for initial report intake.
Excellent written and verbal communication skills.
Self-motivated with a willingness to learn and grow within the security field.
Excellent decision making skills
Willingness to commute to a WeWork in Pune if needed or on a regular basis.
Able to work shift work. We are hiring for 12 positions with ranging shifts: 8am - 5pm IST, 12:30-9.30pm IST, and 6.30pm - 3.30am IST
English fluency
India Compensation Bands:
2,120,000 INR - 2,385,000 INR per year
#LI-Remote
#LI-MR1
We are a Circle Back Initiative Employer and commit to responding to every applicant.
We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).
Employment at HackerOne is contingent on a background check.
HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.
This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.
For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.
HackerOne Values
HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.