Lead Triage Security Analyst

HackerOne is the global leader in human-powered security, harnessing the creativity of the world's largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.

HackerOne is seeking a dynamic individual with a passion for Information Security to join our Technical Services team. Bug Bounty Triage Lead is a key technical leadership role responsible for one of the biggest programs on HackerOne.

This role requires a combination of technical expertise, leadership skills, and strategic thinking to ensure efficient triage and team performance. Excellent communication skills, intellectual curiosity and drive to provide value to top HackerOne customers will ensure your success.

At HackerOne, we embrace a Flexible Work approach, enabling our team members to work remotely while maintaining productivity and collaboration. We are seeking candidates located in Seattle, WA; San Francisco Bay Area; Austin, TX; or Washington, DC, and the surrounding metropolitan areas, to facilitate occasional in-person interactions as needed. While the position is primarily remote, there will be periodic in-person requirements to support team collaboration and foster stronger connections. This approach ensures flexibility while providing opportunities to build meaningful in-person relationships that strengthen our team and company culture.

• Lead and manage the dedicated triage operations for one of HackerOne's marquee customers, including onboarding and training new team members

• Act as a subject matter expert on Bug Bounty Triage with deep technical understanding of vulnerabilities and risks

• Act as the primary escalation point for triage situations

• Lead weekly/monthly/quarterly meetings to ensure efficient operations and continuous improvement

• Own and implement changes in the vulnerability triage process to improve efficiency and effectiveness

• Document, share, and maintain Standard Operating Procedures (SOPs) around bug bounty triage

• Collaborate with leadership and cross-functional teams on strategic roadmaps that align with broader business goals, including crawl, walk, and run components

• Perform quality assurance on work done by team members

• Identify and escalate risks in Triage performance to leadership and account teams

• 5 years of experience in application security testing

• 1 Technical leadership experience in past roles

• 2 years of experience program managing complex technical programs

• Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required)

• Deep technical knowledge of application security vulnerabilities, risks and severity rating frameworks such as CVSS

• Excellent analytical and problem-solving skills

• Excellent communication skills, both written and verbal

• Ability to manage multiple priorities and stakeholders effectively

• Must be willing to travel 30% of the time both locally and internationally

• Past/present security community involvement is a plus

• Strong knowledge of cloud security on AWS environment

Compensation Bands:

$176K - $198K * Offers Equity

$158K - $178K * Offers Equity

#LI-Remote

#LI-HM1

• Health (medical, vision, dental), life, and disability insurance*

• Equity stock options

• Retirement plans

• Paid public holidays and unlimited PTO

• Paid maternity and parental leave

• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)

• Employee Assistance Program

• Flexible Work Stipend

*Eligibility may differ by country

We are a Circle Back Initiative Employer and commit to responding to every applicant.

We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

Employment at HackerOne is contingent on a background check.

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

HackerOne Values

HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.

Compensation Range: $158K - $198K