Senior Security Analyst, India

HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.

HackerOne is at a pivotal inflection point in the security industry. Offensive security is no longer optional – it is the standard for forward-thinking companies that want to build trust and resilience in a world where AI-driven innovation and adversaries are moving faster than ever. With the industry shifting, HackerOne stands apart: we combine the ingenuity of the largest security research community with a best-in-class AI-powered platform, trusted by the world’s top organizations.

HackerOne Values

HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability.

Senior Product Security Analyst

Location: Pune, India

Working model: In office (4-5 days a week from the office)

Team: Technical Services

HackerOne is looking for a Senior Product Security Analyst to join our Technical Services team. As a senior member of the team, you will play a critical role in ensuring the technical accuracy, quality, and consistency of our triage services while contributing to the growth and mentoring of other analysts.

You will work closely with the world’s best ethical hackers, handle some of the most complex and high-impact vulnerabilities, and lead triage operations for key programs. This role is ideal for someone who is technically proficient across multiple tech stacks, thrives in a collaborative environment, and is passionate about nurturing talent and improving security outcomes for our customers.

As we open our new office in Pune, India, we’re excited to welcome team members who value in-person connection, collaboration, and shared purpose. All roles in Pune are hybrid by design – remote options are not available. For the types of challenges we’ll tackle and the work we’ll do together, we believe in-person connection will be essential to building strong relationships, solving problems effectively, and fostering a vibrant community.

As a fully integrated part of HackerOne’s global team, the Pune office will play a meaningful role in advancing our culture and mission. At HackerOne, we Win Together – and our Pune team will help lead the way by shaping a dynamic, in-person culture rooted in purpose and partnership.

What You’ll Do

• Evaluate vulnerability reports submitted by hackers to determine their validity, severity, and relevance to customer programs.
• Take ownership of complex and high-priority reports, ensuring accurate reproduction, impact assessment, and remediation guidance.
• Collaborate with hackers and customers to drive clarity in communication and facilitate effective vulnerability resolution.
• Mentor and support junior analysts by sharing expertise, guiding through complex reproductions, and fostering a learning-oriented environment.
• Lead triage operations for select high-value or critical customer programs, ensuring SLAs, quality metrics, and customer satisfaction targets are met.
• Upskill team members on emerging attack vectors, tools, and best practices through internal training sessions and knowledge-sharing initiatives.
• Work across multiple tech stacks (web, mobile, APIs, cloud, etc.), ensuring technical excellence across diverse types of vulnerability reports.
• Identify process improvements and contribute to internal projects aimed at enhancing triage workflows, tooling, and efficiency.
• Proactively assist in backlog management, quality control, and escalation handling for critical vulnerabilities.
• Act as a technical point of contact for program-specific escalations and process clarifications.
  
  

Minimum Qualifications

• 5+ years of hands-on experience in application security, security testing, or ethical hacking across web, mobile, and/or cloud environments.
• Experience leading high profile customers
• Strong understanding of OWASP Top 10 and deep technical knowledge of various vulnerability classes.
• Proven experience triaging, reproducing, or responding to vulnerability reports (bug bounty or VDP).
• Proficiency with tools such as Burp Suite, browser developer tools, and command-line utilities for testing and reproduction.
• Demonstrated ability to handle and break down complex vulnerability reports.
• Strong written and verbal communication skills to effectively collaborate with hackers and customers.
• Experience using vulnerability classification frameworks like CVSS or VEX.
• Proven ability to mentor or lead peers or junior analysts in a team setting.
• Self-motivated and organized; able to handle dynamic workloads and shifting priorities.
• Comfortable leading customer-facing triage workflows and discussions.
• Fluent in English.
• Ready to work in EMEA shift / flexible shifts
  
  

All of us HackerOnies are driven by a passion for our mission, and a strong urge to work together to make the world a better place.

HackerOne Values

• Customer Obsessed - prioritizing customer outcomes in all the decisions and actions we take.
• Default to disclosure - operate with transparency and integrity, ensuring trust and accountability.
• Win together - achieve success together by fostering empowerment, inclusion, respect, and accountability.
  
  

Nice to Have

• Experience leading or managing security programs (VDPs or bug bounty).
• Exposure to cloud platforms (AWS, GCP, Azure) and relevant security implications.
• Familiarity with scripting or automation (Python, Bash, etc.) for security tooling or data handling.
• Previous experience in mentoring or team leadership roles in security teams.
  
  

Compensation Ranges :

INR 3,064,000 to 3,447,000 annually

Job Benefits:

• Health (medical, vision, dental), life, and disability insurance*
• Equity stock options
• Retirement plans
• Paid public holidays and unlimited PTO
• Paid maternity and parental leave
• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
• Employee Assistance Program
• Flexible Work Stipend
• Eligibility may differ by country
  
  

We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

Visa/work permit sponsorship is not available.

Employment at HackerOne is contingent on a background check.

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.