My job alerts

Application Security Engineer - Bug bounty

Crypto.com

This job is no longer accepting applications

hong kong

Posted 6+ months ago

Manage and oversee the company's bug bounty program on platforms like HackerOne, HackenProof, and Bugcrowd.
Triage and validate bug reports submitted by external researchers.
Prioritize and categorize bugs based on severity and potential impact.
Collaborate with the engineering and security teams to understand, track, and remediate vulnerabilities.
Facilitate communication between external researchers, security teams, and developers to ensure effective resolution of security issues.
Provide clear and constructive feedback to external researchers.
Maintain a strong relationship with the bug bounty community.
Keep up-to-date with the latest cybersecurity trends, vulnerabilities, and threats.
Prepare and present reports on bug bounty program performance.

2+ Years of hands-on experience in the Application Security field.
Experience in a similar role, managing bug bounty programs and handling vulnerability reports will be a definite advantage.
Strong understanding of web and mobile application security.
Deep understanding of application security frameworks such as OWASP Top 10 and possess a strong sense of security regarding business and financial logic flaws.
Proficiency in using bug bounty platforms like HackerOne, HackenProof, Bugcrowd, etc.
Excellent problem-solving skills and attention to detail.
Strong communication skills, with the ability to explain complex security issues to non-technical stakeholders.
Experience in coordinating and collaborating with diverse teams.
The ability to read code and understand how the back-end responds to API requests in programming languages such as Java, Ruby, Elixir, and JavaScript is crucial.
Relevant certifications such as Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are a plus.

This job is no longer accepting applications

CAREERS