Senior Bug Bounty Security Engineer

Position Overview:

Our client is seeking a highly skilled and motivated Bug Bounty Security Engineer to join our cybersecurity team. The ideal candidate will play a critical role in identifying analyzing and mitigating security vulnerabilities in our systems applications and infrastructure. As part of this role you will manage and enhance our bug bounty program collaborate with external security researchers and ensure the highest level of security for our organization.

Key Responsibilities:

1. Bug Bounty Program Management:

• Oversee the organizations bug bounty program including defining scope rules and rewards.
• Review and validate vulnerability reports submitted by external researchers.
• Ensure timely triaging prioritization and resolution of reported vulnerabilities.

• Analyze reported vulnerabilities and assess their impact on the organizations systems.
• Collaborate with development and infrastructure teams to implement fixes and security patches.
• Conduct root cause analysis to prevent recurrence of vulnerabilities.

• Build and maintain strong relationships with external security researchers and ethical hackers.
• Provide clear communication and feedback to researchers regarding their submissions.

• Perform penetration testing and security assessments to proactively identify vulnerabilities.
• Utilize automated tools and manual techniques to uncover security weaknesses.

• Continuously improve the bug bounty program by expanding scope and refining processes.
• Monitor industry trends and adopt best practices in vulnerability disclosure and bug bounty management.

• Maintain detailed records of vulnerability reports remediation efforts and program metrics.
• Prepare regular reports for management on program performance and security posture.

• Educate internal teams on security best practices and the importance of vulnerability management.
• Conduct workshops or training sessions to improve security awareness across the organization.

Qualifications:

• Bachelors degree in Computer Science Cybersecurity or a related field.
• Proven experience in vulnerability management penetration testing or security engineering.
• Strong knowledge of web application security network security and secure coding practices.
• Familiarity with bug bounty platforms such as HackerOne Bugcrowd or similar.
• Proficiency in tools like Burp Suite Metasploit Nessus and other security testing tools.
• Understanding of common vulnerabilities (e.g. OWASP Top 10) and their remediation techniques.
• Excellent analytical problem-solving and communication skills.
• Relevant certifications such as CEH OSCP CISSP or similar are a plus.

Preferred Skills:

• Experience managing bug bounty programs or vulnerability disclosure initiatives.
• Knowledge of cloud security and containerized environments (e.g. AWS Azure Kubernetes).
• Ability to work in a fast-paced environment and handle multiple priorities effectively.