HackerOne is the global leader in human-powered security, harnessing the creativity of the world’s largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.
Position Summary
HackerOne is seeking a detail-oriented and proactive individual to join our expanding security assessments team as a Security Assessments Report Writer. In this role, you will be responsible for ensuring the quality, accuracy, and presentation of third-party assessment reports that showcase the results of our security testing. While this position does not involve hands-on security testing, having experience in the security industry will be highly valuable in understanding and refining the findings reported by penetration testers, ethical hackers, and other security researchers.
The Security Assessments Report Writer reports to the Sr. Director, Delivery Excellence within HackerOne’s post-sales operations department and works closely with Technical Engagement Managers responsible for the optimal representation of security assessments and quality of results. HackerOne Assessments, executed by the Delivery Excellence team, is HackerOne’s fastest growing product and business line.
What You Will Do
Take itemized security findings reported by security researchers along with written summary evaluations and coalesce information into assessment report documents which will be reviewed and ultimately delivered to customers.
Re-issue versions of assessment reports based on updated information - maintaining a version control history.
Adapt HackerOne’s written standards for weakness and attack pattern types for a variety of placements, and help Technical Engagement Managers and Solution Architects ensure they’re kept current.
Make minor edits to written content so that it communicates clearly to technical and non-technical audiences and adequately represents security testing efforts.
Make formatting improvements for readability - optimizing the appearance of documents for optics of professionalism, adhering to HackerOne brand guidelines.
Actively seek clarification from security researchers and teammates when written content is unclear and propose revisions for approval.
Interface with customers for feedback on how to improve HackerOne security assessment reports and work with HackerOne Product and Engineering to codify long-standing improvements.
Work with HackerOne Technical Engagement Managers and Solutions Architects to make strategic updates to current assessment report standards and help write the standard for innovative security testing developed by HackerOne.
Minimum Qualifications
Strong expertise and proficiency in all text document tools including Google Docs, Microsoft Word, Adobe Acrobat Reader is an advantage.
Knowledge of foundational information security concepts, including the OWASP Top Ten, optimizing the appearance of documents for the optics of professionalism. You don’t need to be a subject matter expert in security, but you’ll need to have or develop a deep understanding of these concepts.
Ability to comprehend penetration testing methodologies and objective-based testing engagements (e.g., red teaming, assumed breach), identify discrepancies, and craft clear, concise, and accurate summaries of findings.
Exceptional attention to detail with a commitment to delivering high-quality work.
Ability to act decisively and confidently in a variety of situations, demonstrating independence and sound judgment. This role offers significant autonomy in daily tasks and relies on a high level of trust to operate with minimal supervision.
Outstanding written and verbal communication skills, effective in both internal and external contexts.
Highly resourceful, unafraid to ask questions, and quick to learn from the answers to achieve clarity and results.
Must be based remotely in US, Canada, or UK. HackerOne is a digital-first company. This model offers our employees flexibility in time and location. All employees must be able to work and excel in a remote environment.
Preferred Qualifications
Professional experience writing technical documentation consumed by technical audiences (e.g., API, infrastructure).
Experience as a security researcher / penetration tester.
Professional experience writing penetration test reports.
Experience collaborating with technical teammates (e.g., engineering, IT) located in the APAC region.
Experience creatively leveraging generative AI to make automated, systematic improvements to processes.
Compensation Bands:
Tier Guide
Tier B
$90K – $100K • Offers Equity
Tier C
$85K – $100K • Offers Equity
#LI-Remote
#LI-HM1
We are a Circle Back Initiative Employer and commit to responding to every applicant.
We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).
Employment at HackerOne is contingent on a background check.
HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.
This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.
For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.
HackerOne Values
HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.