Sr. Security Engineer - Bug Bounty (Remote, East/Central)
About the Role
At CrowdStrike our Bug Bounty Programs are a collaboration with third party researchers where researchers are rewarded for discovering security bugs. You will be responsible for leading and executing these programs including, but not limited to triaging, tracking, and managing researcher communications. This will include working with external bug bounty researchers and internal stakeholders across various business units.
Effective communication; both written and verbal is key to this role. To be successful in this position you must possess strong technical skills to understand security related issues, but also a strong business acumen to help improve the overall program and communicate effectively to all parties.. You will also need to stay organized and be able to report the triage and remediation status of multiple reports to management.
This role is open to candidates located remotely in the United States, East or Central Coast.
Responsibilities:
Lead, Manage and execute CrowdStrike bug bounty programs
Managing triage of bug bounty reports
Communicating effectively and professionally with third-party bug bounty researchers
Collaborating with the security teams for further vulnerability analysis
Collaborating with engineers to track vulnerability through resolution
Key Qualifications Required:
Excellent written and verbal communication skills
Strong technical expertise in security vulnerabilities and the ability to reproduce technical issues
Understanding of application security principles, best practices and common web security vulnerabilities
Familiarity with common network protocols and standards
Familiarity with cloud environments like Amazon Web Services
Familiarity with application security testing processes and tools
Preferred Requirements:
Experience triaging bounty reports or support tickets
Experience as a bug bounty researcher
Experience automating processes
Practical penetration testing experience
Practical software development experience
Application security related certifications
#LI-RC1
#LI-Remote