Application Security Engineer - Bug bounty

Responsibilities

• Manage and oversee the company's bug bounty program on platforms like HackerOne, HackenProof, and Bugcrowd.
• Triage and validate bug reports submitted by external researchers.
• Prioritize and categorize bugs based on severity and potential impact.
• Collaborate with the engineering and security teams to understand, track, and remediate vulnerabilities.
• Facilitate communication between external researchers, security teams, and developers to ensure effective resolution of security issues.
• Provide clear and constructive feedback to external researchers.
• Maintain a strong relationship with the bug bounty community.
• Keep up-to-date with the latest cybersecurity trends, vulnerabilities, and threats.
• Prepare and present reports on bug bounty program performance.

Requirements

• 2+ Years of hands-on experience in the Application Security field.
• Experience in a similar role, managing bug bounty programs and handling vulnerability reports will be a definite advantage.
• Strong understanding of web and mobile application security.
• Deep understanding of application security frameworks such as OWASP Top 10 and possess a strong sense of security regarding business and financial logic flaws.
• Proficiency in using bug bounty platforms like HackerOne, HackenProof, Bugcrowd, etc.
• Excellent problem-solving skills and attention to detail.
• Strong communication skills, with the ability to explain complex security issues to non-technical stakeholders.
• Experience in coordinating and collaborating with diverse teams.
• The ability to read code and understand how the back-end responds to API requests in programming languages such as Java, Ruby, Elixir, and JavaScript is crucial.
• Relevant certifications such as Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are a plus.