Product Security Engineer (Bug Bounty)

About the position

The Product Security Engineer will be responsible for ensuring that Tanium provides software and services that meet the high security standard of our customers. This role is focused on the management of Tanium's responsible disclosure (bug bounty) program. The Product Security Engineer may also take ownership of special projects such as security enhancements to the Tanium codebase or creation of internal tooling that aim at improving the overall security posture of Tanium software. In addition, the Product Security Engineer will perform research on industry trends and developments and share such perspectives in appropriate forums.

Responsibilities

• Maturing Tanium's bug bounty program to establish guidelines for scope and response timelines.
• Manage and oversee the bug bounty program, including triaging vulnerability reports, validating findings, communicating with external security researchers, and coordinating with internal teams to ensure timely resolution.
• Develop infrastructure and tooling to enable 3rd party researchers to effectively test Tanium products.
• Analyze data, identify trends, and provide recommendations for internal teams to make it easier to ship secure code and harder to ship insecure code.
• Develop and share research in the area of product security and vulnerability management.

Requirements

• Bachelor’s Degree or equivalent work experience
• 3+ years relevant work experience preferred
• Expertise in determining the severity of a vulnerability and their impact to the business
• Expertise with common security testing methodologies
• Strong communication skills with external stakeholders
• Strong understanding of web and native application security
• Experience in manual and automated pen testing
• Experience performing source code reviews
• Experience with using Burp Suite or similar tools
• Experience with Cloud Platform (AWS or Azure preferred)
• Experience with at least one of the following programming languages: Golang, JavaScript, Node.js, TypeScript, C++, React, Python
• Experience with the process of developing, building, and shipping secure code
• Experience with bug bounty platforms (e.g., HackerOne, Bugcrowd) and vulnerability management tools

Benefits

• Annual base salary range of $100,000 to $190,000
• Equity awards
• Medical, dental and vision plan
• Family planning benefits
• Health savings account
• Flexible spending account
• Transportation savings account
• 401(k) retirement savings plan with company match
• Life, accident and disability coverage
• Business travel accident insurance
• Employee assistance programs
• Disability insurance
• Other well-being benefits