HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of the world’s largest community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders, including Anthropic, Crypto.com, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense, trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner’s Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing and has been named a Most Loved Workplace for Young Professionals (2024).

HackerOne is at a pivotal inflection point in the security industry. Offensive security is no longer optional – it is the standard for forward-thinking companies that want to build trust and resilience in a world where AI-driven innovation and adversaries are moving faster than ever. With the industry shifting, HackerOne stands apart: we combine the ingenuity of the largest security research community with a best-in-class AI-powered platform, trusted by the world’s top organizations.

HackerOne Values

HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability.

Triage Intake Analyst

Location: Pune, India

Working Model: 5 days a Week In-Office

Position Summary

As a Triage Analyst at HackerOne, you will be the first point of contact for incoming vulnerability reports. Your role will focus on the initial intake, evaluation, and assignment of these reports, ensuring they are directed to the appropriate triage team members for further analysis. This position is ideal for someone with foundational knowledge of security vulnerabilities who is eager to develop their expertise in vulnerability triage.

As we open our new office in Pune, India, we’re excited to welcome team members who value in-person connection, collaboration, and shared purpose. All roles in Pune are hybrid by design – remote options are not available. For the types of challenges we’ll tackle and the work we’ll do together, we believe in-person connection will be essential to building strong relationships, solving problems effectively, and fostering a vibrant community.

As a fully integrated part of HackerOne’s global team, the Pune office will play a meaningful role in advancing our culture and mission. At HackerOne, we Win Together – and our Pune team will help lead the way by shaping a dynamic, in-person culture rooted in purpose and partnership.

What You Will Do

• Initial Intake: Receive and process incoming vulnerability reports, ensuring that all necessary information is included before passing them on to the triage team.

• Preliminary Assessment: Conduct an initial assessment of the reports to identify obvious false positives and ensure they align with the program’s scope.

• Collaboration: Work closely with the triage team to ensure smooth handoff and follow-up on any required additional information from hackers.

• Documentation: Assist in maintaining accurate records of report intake and initial findings, supporting the team in tracking and prioritizing reports.

• Communication: Provide clear and concise communication with hackers regarding the status of their submissions and any missing details required for further evaluation.

• Continuous Learning: Stay updated on the latest security trends and vulnerabilities to enhance your understanding and support your growth within the triage team.

• Validation: Responsible for validating quick wins, including redundant or basic vulnerabilities, ensuring they are efficiently and accurately assessed due to their ease and speed of validation.

Minimum Qualifications

• 1+ years of experience vulnerability disclosure and/or bug bounty programs.

• Basic understanding of web and mobile application security, including familiarity with the OWASP Top 10.

• 1-3 years of experience in a relevant field such as cybersecurity, security testing, pentesting etc.

• Experience using basic security testing tools (e.g., Burpsuite).

• Strong attention to detail and ability to follow procedures for initial report intake.

• Excellent written and verbal communication skills.

• Self-motivated with a willingness to learn and grow within the security field.

• Excellent decision-making skills

• Willingness to work shifts (varying day, afternoon and night shifts)

• Must be able to work from the Pune office

• English fluency.

Interview Process

1. Technical Interview

2. Challenge Interview

3. Manager Interview

Compensation

₹2.1M – ₹2.4M • Offers Equity

#LI-BT1

Job Benefits:

• Health (medical, vision, dental), life, and disability insurance*

• Equity stock options

• Retirement plans

• Paid public holidays and unlimited PTO

• Paid maternity and parental leave

• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)

• Employee Assistance Program

• Flexible Work Stipend

*Eligibility may differ by country

We're committed to building a global team! For certain roles outside the United States, India, the U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

Visa/work permit sponsorship is not available.

Employment at HackerOne is contingent on a background check.

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.