Back to search
Cypress HCM Linkedin · Posted 8d ago

Product Security Engineer

Lehi

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Job Details

  • Product Security Engineer (Bug Bounty)
  • Location: Remote (Supporting Adobe's Lehi, UT team)
  • Duration: 07/20/2026 - 11/20/2026
  • Team: US Vuln Mgmt

About The Role

  • Seeking a Product Security Engineer to support our Bug Bounty program on a contract engagement, backfilling a team member on leave. You will be the frontline responder for external vulnerability reports submitted through the program, working closely with internal engineering and security teams to ensure timely, accurate triage and resolution.

Responsibilities

  • Triage incoming vulnerability reports submitted through the bug bounty platform and assess validity, impact, and scope
  • Assign CVSS v3.1 scores and severity ratings using Adobe's internal guidelines and industry standards
  • Reproduce proof-of-concept exploits across web, API, and mobile applications
  • Communicate professionally with external security researchers by requesting clarifications, providing status updates, and managing expectations
  • Coordinate confirmed vulnerabilities with product engineering teams for remediation
  • Identify duplicate, out-of-scope, or informational reports and provide clear closure responses
  • Contribute to internal documentation, triage runbooks, and severity calibration guidelines
  • Escalate systemic or critical findings to the Bug Bounty team as needed

Required Qualifications

  • 3+ years of experience in application security, penetration testing, or bug bounty/vulnerability disclosure
  • Strong understanding of CVSS v3.1 scoring with hands-on experience assessing real-world vulnerabilities
  • Experience validating vulnerabilities including XSS, SQL Injection, SSRF, IDOR, authentication issues, and business logic flaws
  • Ability to reproduce proof-of-concept exploits using Burp Suite, browser DevTools, curl, and custom scripts
  • Experience working with bug bounty platforms such as HackerOne or Bugcrowd
  • Strong written communication skills with the ability to interact professionally with external security researchers
  • Familiarity with attacker techniques targeting LLM systems and generative AI products
  • Strong knowledge of OWASP Top 10 vulnerabilities and mitigation strategies

Preferred Qualifications

  • Experience securing cloud environments including AWS, Azure, or GCP
  • Experience testing AI/ML or LLM-powered applications
  • Previous participation as a bug bounty researcher
  • Knowledge of CWE taxonomy and CVE assignment processes
  • Experience supporting security programs within large enterprise or SaaS organizations

Compensation

  • Pay Rate:$84.51 per hour

Requisition ID: #37382925

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent