
Job Overview
Location: Washington DC
Job Type: Full-time
Category: Software Engineering
Date Posted: June 26, 2026
Full Job Description
📋 Description
- Evaluate vulnerability reports submitted by security researchers to determine validity, severity, exploitability, and business impact for HackerOne customers using data-driven decision making and security frameworks such as CVSS.
- Independently reproduce reported vulnerabilities across web and mobile applications, applying first principles problem solving to validate findings, identify root causes, and clearly communicate impact.
- Collaborate directly with security researchers to gather missing information, clarify technical details, and improve report quality while maintaining clear and professional communication with customers.
- Create concise, technically accurate summaries for validated findings, including reproduction steps, impact analysis, and remediation guidance.
- Adapt to evolving customer environments, changing program scopes, emerging attack techniques, and shifting operational priorities through change agility.
- Leverage automation and AI-enabled workflows to improve operational efficiency, report analysis, and vulnerability triage quality as part of an AI-first approach.
- Partner cross-functionally with Technical Services teammates and customer-facing teams to ensure timely handling of vulnerabilities and a high-quality customer experience.
- Proactively identify opportunities to improve internal processes, documentation, tooling, and triage workflows to enhance scalability and consistency across the Technical Services organization.
- Work remotely within approximately 50 miles of Boston, MA; Austin, TX; Washington, DC; Seattle, WA; or San Francisco Bay Area, CA, with flexibility for occasional in-person collaboration to foster team connection and culture.
- Engage with the world’s largest community of security researchers to validate and prioritize exposures across code, cloud, and AI systems.
- Apply knowledge of common application security vulnerabilities, including the OWASP Top 10, to assess and communicate risks to enterprise customers.
- Utilize security testing tools such as Burp Suite to conduct manual and automated analysis of application security findings.
- Maintain high standards of transparency and integrity in all interactions with researchers, customers, and internal teams, aligned with HackerOne’s Default to Disclosure value.
- Contribute to a culture of empowerment, inclusion, respect, and accountability, where employees, researchers, customers, and partners win together.
🎯 Requirements
- 3+ years of hands-on experience performing security testing, vulnerability research, or ethical hacking on web and mobile applications.
- Strong technical understanding of common application security vulnerabilities, including the OWASP Top 10.
- Experience using security testing tools such as Burp Suite and familiarity with vulnerability scoring frameworks including CVSS.
- Excellent written and verbal communication skills in English, including the ability to communicate technical concepts clearly to both technical and non-technical audiences.
🏖️ Benefits
- Health (medical, vision, dental), life, and disability insurance
- Equity stock options
- Retirement plans
- Paid public holidays and unlimited PTO
- Paid maternity and parental leave
- Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
- Employee Assistance Program
About HackerOne, Inc.
HackerOne operates a vulnerability coordination and bug-bounty platform that connects organizations with a global community of security researchers. Companies run managed programs to receive responsibly disclosed security flaws, set reward tiers, and track remediation. The San Francisco–headquartered firm provides triage, disclosure, analytics, and compliance tooling to enterprises and government agencies seeking continuous security testing beyond traditional audits and scans.