Product Security Analyst, EMEA

HackerOne is seeking a dynamic individual with a passion for Information Security to join our Technical Services team. As a Security Analyst, you will gain hands‑on technical experience and exposure to some of the world's best hackers while delivering high‑impact vulnerabilities to the top bug bounty programs in the industry. This role requires excellent communication skills, intellectual curiosity, and drive to acquire the technical skills you'll need to ensure every valid bug report is reproducible and provides value to HackerOne customers.

We are seeking candidates located in London and the surrounding metropolitan areas to facilitate occasional in‑person interactions as needed. While the position is primarily remote, there will be periodic in‑person requirements to support team collaboration and foster stronger connections.

• Evaluate assigned vulnerability reports submitted by hackers to determine validity, risk, and severity to HackerOne customers.
• Collaborate with hackers to address missing information from reports and educate the HackerOne community when reports are invalid.
• Compose a technical summary for each valid report that includes clear, concise details regarding impact, steps to reproduce, and remediation advice.
• Ensure clear and efficient communication between hackers and customers.
• Proactively identify and solve issues, and accept and quickly respond to delegated work; being able to win as a team is critical to our success.
• A significant portion of your time will be spent working on one of our biggest clients—a large social media platform.

• Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required).
• 3 years of manual Web App testing experience.
• Strong technical knowledge of the OWASP Top 10.
• Comfortable using security testing tools, including Burpsuite.
• Excellent written and verbal communication skills.
• Experience using frameworks such as CVSS.
• Self‑motivated and able to manage your time and energy output while maintaining a consistent, sustainable operational rhythm.
• English fluency.

• Health (medical, vision, dental), life, and disability insurance.
• Equity stock options.
• Retirement plans.
• Paid public holidays and unlimited PTO.
• Paid maternity and parental leave.
• Leaves of absence, including caregiver leave and leave under CO's Healthy Families and Workplaces Act.
• Employee Assistance Program.
• Flexible Work Stipend.
• Eligibility may differ by country.

Salary: £64,000 – £80,000.

HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites AI solutions with the ingenuity of the world's largest community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders—including Anthropic, Crypto.com, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense—trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner's Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing and has been named a Most Loved Workplace for Young Professionals (2024). HackerOne is at a pivotal inflection point in the security industry. Offensive security is no longer optional—it is the standard for forward‑thinking companies that want to build trust and resilience in a world where AI‑driven innovation and adversaries are moving faster than ever. Through this shift, HackerOne stands apart by combining the ingenuity of a large security research community with a best‑in‑class AI‑powered platform, trusted by top organizations.

Equal Opportunity Statement: HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. For US‑based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

We are committed to building a global team! For certain roles outside the United States, India, the United Kingdom, and the Netherlands, we partner with Remote.com as our Employer of Record (EOR). Visa/work permit sponsorship is not available. Employment at HackerOne is contingent on a background check.