
Security Analyst, Bug Bounty
Posted 6 days ago

This is a fully remote position, open to applicants in North America.
• Evaluate, interpret, replicate, and prioritize incoming security vulnerability reports from the bug bounty initiative.
• Effectively communicate with security researchers to clarify ambiguous reports, enhance report quality, and foster engagement with leading hackers.
• Grasp the underlying causes of security vulnerabilities to assist product and engineering teams in their resolution, and provide guidance on appropriate mitigation strategies.
• Oversee the submission lifecycle from initiation to resolution, collaborating with product and engineering stakeholders.
• Serve as the security liaison between external researchers and internal teams to ensure swift and efficient remediation.
• Perform comprehensive data analysis on bug reports and vulnerability trends to identify systemic risks and guide new security initiatives.
• Offer tactical assistance for vulnerability management triage processes to support the team as necessary.
• Develop and implement enhancements to the overall bug bounty program.
• Provide insights and requirements for tool development to improve triage and security workflows, capitalizing on automation opportunities.
• Demonstrated capability to track bug reports, reproduce, and correctly prioritize security vulnerabilities.
• Extensive knowledge of web security challenges, attack vectors, and exploitation techniques (e.g., OWASP Top 10, CWEs, CVEs).
• Proficient in offensive security tools for issue reproduction (e.g., Burp Suite, Nuclei, custom scripting).
• Ability to adopt an attacker’s perspective to comprehend the impact of vulnerabilities.
• Skilled in clear and succinct written and verbal communication, capable of conveying complex technical concepts to both technical and non-technical audiences.
• Experience in one of the following domains:
  • Hands-on experience within a bug bounty program or in the triage of security vulnerability reports.
  • In-depth familiarity with Stripe products and assets, combined with a robust general security understanding.
• Competitive salary
• Health insurance
• Retirement plans
• Professional development opportunities
Varicent