Join the Offensive Security Revolution at HackerOne
HackerOne is at the forefront of offensive security, empowering organizations to proactively identify and remediate vulnerabilities. Our platform combines the power of AI with the ingenuity of the world's largest community of security researchers, delivering solutions that span bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We're trusted by industry giants like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. Named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024, we're building a team that's passionate about making the internet a safer place.
We're seeking a dynamic and driven Security Analyst to join our Technical Services team in London. This is your chance to gain hands-on experience, learn from the best hackers in the world, and make a real impact by delivering high-impact vulnerabilities to top bug bounty programs.
Why HackerOne?
Be a Part of Something Bigger: Offensive security is no longer a luxury – it's a necessity. Join a company that's leading the charge in helping organizations build trust and resilience in the face of ever-evolving threats.
Work with the Best: Collaborate with a global community of elite security researchers and a team of passionate professionals.
Cutting-Edge Technology: Leverage a best-in-class AI-powered platform to identify and validate vulnerabilities.
Flexible Work Environment: We embrace a Flexible Work approach, allowing you to work remotely while staying connected with your team through occasional in-person interactions in the London area.
Values-Driven Culture: We're Customer Obsessed, Default to Disclosure, and believe we Win Together.
What You'll Do
Evaluate vulnerability reports submitted by hackers, determining their validity, risk, and severity for HackerOne customers.
Collaborate with hackers to gather missing information and educate community members on report quality.
Compose clear and concise technical summaries for valid reports, including impact, reproduction steps, and remediation advice.
Facilitate efficient communication between hackers and customers, ensuring a smooth and transparent vulnerability disclosure process.
Proactively identify and solve issues, contributing to a collaborative and supportive team environment.
What You'll Bring
Proven experience with vulnerability disclosure and bug bounty programs (managing a program is a plus).
3+ years of hands-on web application testing experience.
Strong understanding of the OWASP Top 10 vulnerabilities.
Comfortable using security testing tools like Burp Suite.
Excellent written and verbal communication skills.
Experience using frameworks like CVSS to assess vulnerability severity.
Self-motivated, able to manage your time effectively and maintain a sustainable operational rhythm.
English fluency.
Compensation & Benefits
UK Compensation Range: £64,000 – £80,000
Health (medical, vision, dental), life, and disability insurance*
Equity stock options
Retirement plans
Paid public holidays and unlimited PTO
Paid maternity and parental leave
Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
Employee Assistance Program
Flexible Work Stipend
*Eligibility may differ by country
#LI-MH1
#LI-Remote
Join us and help shape the future of offensive security!
We're committed to building a global team! For certain roles outside the United States, India, the U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).
Visa/work permit sponsorship is not available.
Employment at HackerOne is contingent on a background check.
HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.
This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.
For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.