Join HackerOne as a Product Security Analyst in Pune!
Are you passionate about cybersecurity and eager to make a real-world impact? At HackerOne, we're revolutionizing offensive security by combining the ingenuity of the world's largest community of security researchers with our cutting-edge, AI-powered platform. Trusted by industry giants like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense, we're at the forefront of helping organizations build trust and resilience in an increasingly complex threat landscape.
HackerOne was recognized as a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024. We're looking for a dynamic Product Security Analyst to join our growing Technical Services team in our new Pune, India office.
Location: Pune, India (Hybrid - In-Office 4-5 days/week)
Why Join HackerOne?
This isn't just another job; it's an opportunity to:
Gain Hands-On Experience: Work alongside some of the world’s best hackers, analyzing real-world vulnerabilities and contributing to top bug bounty programs.
Make a Difference: Ensure that every valid bug report provides actionable value to HackerOne customers, helping them secure their critical assets.
Be Part of a Collaborative Team: Thrive in a hybrid environment that fosters strong relationships, problem-solving, and a vibrant community.
Shape Our Culture: As an integral part of HackerOne's global team, you'll help shape a dynamic, in-person culture rooted in purpose and partnership.
What You'll Do:
Vulnerability Validation: Evaluate vulnerability reports submitted by hackers, determining their validity, risk, and severity for HackerOne customers.
Community Collaboration: Engage with hackers to clarify report details and provide guidance when reports are invalid, fostering a positive and educational environment.
Technical Summarization: Craft clear, concise technical summaries for valid reports, detailing the impact, reproduction steps, and remediation advice.
Communication Management: Facilitate clear and efficient communication between hackers and customers, ensuring smooth resolution of reported issues.
Proactive Problem-Solving: Identify and resolve issues proactively, collaborating effectively with the team to overcome challenges and achieve shared goals.
Policy Enforcement: Assess vulnerability findings against program policies, scope, and impact to determine validity.
Independent Reproduction: Reproduce reported vulnerabilities in a test environment and document valid findings in comprehensive technical summaries.
What You'll Bring:
Experience: 3+ years of professional experience, including a strong background in vulnerability disclosure and bug bounty programs (management experience a plus).
Technical Expertise: 3+ years of hands-on experience in security testing or ethical hacking on web and mobile applications.
OWASP Proficiency: Solid understanding of OWASP Top 10 vulnerabilities and mitigation techniques.
Tool Mastery: Comfortable using security testing tools such as Burp Suite.
Communication Skills: Excellent written and verbal communication skills.
Framework Familiarity: Experience using frameworks like CVSS for vulnerability scoring.
Self-Motivation: Ability to manage your time and energy effectively while maintaining a consistent and sustainable operational rhythm.
Location: Must be able to work 4-5 days a week in our Pune office.
Flexibility: Open to and flexible around shift work.
Language: English fluency.
Compensation & Benefits:
Compensation: ₹2.5M – ₹2.8M • Offers Equity
Health (medical, vision, dental), life, and disability insurance*
Equity stock options
Retirement plans
Paid public holidays and unlimited PTO
Paid maternity and parental leave
Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
Employee Assistance Program
Flexible Work Stipend
*Eligibility may differ by country
We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).
Important Note: Visa/work permit sponsorship is not available for this role.
Employment at HackerOne is contingent on a background check.
HackerOne is an Equal Opportunity Employer, committed to providing equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. We make hiring decisions based solely on qualifications, merit, and business needs at the time.
For US-based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.
If you're ready to join a team that's shaping the future of cybersecurity, apply now!