Application Security Engineer - Bug bounty

Crypto.com

Crypto.com

Taipei City, Taiwan
Posted on Monday, June 17, 2024

Responsibilities

  • Manage and oversee the company's bug bounty program on platforms like HackerOne, HackenProof, and Bugcrowd.
  • Triage and validate bug reports submitted by external researchers.
  • Prioritize and categorize bugs based on severity and potential impact.
  • Collaborate with the engineering and security teams to understand, track, and remediate vulnerabilities.
  • Facilitate communication between external researchers, security teams, and developers to ensure effective resolution of security issues.
  • Provide clear and constructive feedback to external researchers.
  • Maintain a strong relationship with the bug bounty community.
  • Keep up-to-date with the latest cybersecurity trends, vulnerabilities, and threats.
  • Prepare and present reports on bug bounty program performance.

Requirements

  • 2+ Years of hands-on experience in the Application Security field.
  • Experience in a similar role, managing bug bounty programs and handling vulnerability reports will be a definite advantage.
  • Strong understanding of web and mobile application security.
  • Deep understanding of application security frameworks such as OWASP Top 10 and possess a strong sense of security regarding business and financial logic flaws.
  • Proficiency in using bug bounty platforms like HackerOne, HackenProof, Bugcrowd, etc.
  • Excellent problem-solving skills and attention to detail.
  • Strong communication skills, with the ability to explain complex security issues to non-technical stakeholders.
  • Experience in coordinating and collaborating with diverse teams.
  • The ability to read code and understand how the back-end responds to API requests in programming languages such as Java, Ruby, Elixir, and JavaScript is crucial.
  • Relevant certifications such as Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are a plus.