Security Vulnerability Engineer - Bug Bounty Program
Led by the Chief Information Security Officer (CISO) for one of the world's leading investment banks, this group secures our client’s organisation against hackers and other cyber threats. The group is responsible for detecting and preventing attempted cyber intrusions against the firm; helping to develop more secure applications and infrastructure; developing software in support of their efforts; measuring cybersecurity risk; and designing and driving the implementation of cybersecurity controls.
The team has a global presence across the Americas, APAC, India and EMEA. They are a team of security, software, and product engineers who enable the firm to respond appropriately to firm risks through the use of detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm.
In this role, you will join a dedicated team that manages the firm’s bug bounty program, where they help remediate the firm’s risk to external threats. You will be verifying vulnerability reports, testing for variations, and discovering the extent of unique issues while partnering with other risk management and engineering teams to track issues through resolution. The ideal candidate should be someone with existing cybersecurity experience, a strong technical understanding of web and mobile applications and architecture, and a drive to continually learn new attacks and techniques.
- Collaborate with external researchers to reproduce and investigate vulnerabilities submitted through the public and private bug bounty programs
- Use your skills to determine the appropriate impact and risk of vulnerabilities
- Work directly with project teams to help them understand the risk of findings and provide remediation guidance
- Coordinate with Technology Risk advisory and issue management teams to track remediation timelines and ensure vulnerabilities are fixed in a timely manner
- Identify best practices that can be shared across the organization
- Share knowledge through internal blog posts and presentations
Technical Experience and Qualifications
- Experience with vulnerability assessment and penetration testing of web and mobile applications
- Understanding of security fundamentals and common vulnerabilities
- Working knowledge of common security tools (Burp, Metasploit, Netcat, etc.)
- Strong communication and presentation skills and the ability to clearly articulate vulnerabilities and risks to both technical and non-technical audiences
- Strong sense of ownership and drive to manage tasks to completion
- 2-5 years of application security experience
- Scripting/programming skills in one or more languages
- Familiarity or experience with enterprise networks and software platforms
- Good reputation on a bug bounty platform and/or published vulnerabilities