Cypress HCM
Linkedin · Posted 8d ago
Product Security Engineer
Continue to application
Add your email once, then Caio opens the original posting.
Indexed description
Job Details
- Product Security Engineer (Bug Bounty)
- Location: Remote (Supporting Adobe's Lehi, UT team)
- Duration: 07/20/2026 - 11/20/2026
- Team: US Vuln Mgmt
- Seeking a Product Security Engineer to support our Bug Bounty program on a contract engagement, backfilling a team member on leave. You will be the frontline responder for external vulnerability reports submitted through the program, working closely with internal engineering and security teams to ensure timely, accurate triage and resolution.
- Triage incoming vulnerability reports submitted through the bug bounty platform and assess validity, impact, and scope
- Assign CVSS v3.1 scores and severity ratings using Adobe's internal guidelines and industry standards
- Reproduce proof-of-concept exploits across web, API, and mobile applications
- Communicate professionally with external security researchers by requesting clarifications, providing status updates, and managing expectations
- Coordinate confirmed vulnerabilities with product engineering teams for remediation
- Identify duplicate, out-of-scope, or informational reports and provide clear closure responses
- Contribute to internal documentation, triage runbooks, and severity calibration guidelines
- Escalate systemic or critical findings to the Bug Bounty team as needed
- 3+ years of experience in application security, penetration testing, or bug bounty/vulnerability disclosure
- Strong understanding of CVSS v3.1 scoring with hands-on experience assessing real-world vulnerabilities
- Experience validating vulnerabilities including XSS, SQL Injection, SSRF, IDOR, authentication issues, and business logic flaws
- Ability to reproduce proof-of-concept exploits using Burp Suite, browser DevTools, curl, and custom scripts
- Experience working with bug bounty platforms such as HackerOne or Bugcrowd
- Strong written communication skills with the ability to interact professionally with external security researchers
- Familiarity with attacker techniques targeting LLM systems and generative AI products
- Strong knowledge of OWASP Top 10 vulnerabilities and mitigation strategies
- Experience securing cloud environments including AWS, Azure, or GCP
- Experience testing AI/ML or LLM-powered applications
- Previous participation as a bug bounty researcher
- Knowledge of CWE taxonomy and CVE assignment processes
- Experience supporting security programs within large enterprise or SaaS organizations
- Pay Rate:$84.51 per hour
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search
Want help applying to roles like this?
Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent