HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.
HackerOne is at a pivotal inflection point in the security industry. Offensive security is no longer optional – it is the standard for forward-thinking companies that want to build trust and resilience in a world where AI-driven innovation and adversaries are moving faster than ever. With the industry shifting, HackerOne stands apart: we combine the ingenuity of the largest security research community with a best-in-class AI-powered platform, trusted by the world’s top organizations.
HackerOne Values
HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability.
Product Security Analyst
Location: Pune, India
Position Summary
HackerOne is seeking a dynamic individual with a passion for Information Security to join our Technical Services team. As a Product Security Analyst, you will gain hands-on technical experience and exposure to some of the world’s best hackers while delivering high-impact vulnerabilities to the top bug bounty programs in the industry.
This role requires excellent communication skills, intellectual curiosity and drive to acquire the technical skills you’ll need to ensure every valid bug report is reproducible and provides value to HackerOne customers.
As we open our new office in Pune, India, we’re excited to welcome team members who value in-person connection, collaboration, and shared purpose. All roles in Pune are hybrid by design – remote options are not available. For the types of challenges we’ll tackle and the work we’ll do together, we believe in-person connection will be essential to building strong relationships, solving problems effectively, and fostering a vibrant community.
As a fully integrated part of HackerOne’s global team, the Pune office will play a meaningful role in advancing our culture and mission. At HackerOne, we Win Together – and our Pune team will help lead the way by shaping a dynamic, in-person culture rooted in purpose and partnership.
What You Will Do
Evaluate assigned vulnerability reports submitted by hackers to determine the validity, risk and severity to HackerOne customers
Collaborate with hackers to address missing information from reports as well as educate the HackerOne community members when reports are invalid
Compose a technical summary for each valid report that includes clear and concise details regarding the impact, steps to reproduce and remediation advice
Ensure clear and efficient communication between hackers and customers
Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success
Assess vulnerability findings and determine whether the submission is valid based on program policies, scope and impact.
Independently reproduce reported vulnerabilities in a test environment and compose a technical summary for valid findings.
Minimum Qualifications
Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required)
3+ years of professional working experience
3+ years of hands-on experience doing security testing or ethical hacking on web and mobile applications
Strong technical knowledge of OWASP top 10
Comfortable using security testing tools including Burpsuite
Excellent written and verbal communication skills
Experience using frameworks such as CVSS
Self-motivated and able to manage your time and energy output while maintaining a consistent and sustainable operational rhythm
This role is based in our Pune office and you must be able to work 4-5 days a week in office
You must be open to and flexible around shift work.,
English fluency
Compensation
₹2.5M – ₹2.8M • Offers Equity
#LI-MH1
Job Benefits:
Health (medical, vision, dental), life, and disability insurance*
Equity stock options
Retirement plans
Paid public holidays and unlimited PTO
Paid maternity and parental leave
Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
Employee Assistance Program
Flexible Work Stipend
*Eligibility may differ by country
We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).
Visa/work permit sponsorship is not available.
Employment at HackerOne is contingent on a background check.
HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.
This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.
For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.
