Head of Security Assessments


United States of America
  • Job Type: Full-Time
  • Function: IT
  • Post Date: 04/12/2021
  • Website: hackerone.com
  • Company Address: 22 4th Street 5th Floor, San Francisco, CA, 94103

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited.

Job Description

HackerOne is looking for a Head of Security Assessments to act as the leader for all things Security Assessments. At HackerOne, we believe that on-demand security assessments will become the de facto choice for the modern and digital Enterprise. With our hacking community of more than 1 million creative and curious minds, we strive to provide a diverse talent bench that can handle the high demands of the modern Enterprise. We do this all while providing a phenomenal customer experience that’s heavily powered by intelligence analytics and seamlessly integrated workflows, all guided by a trusted advisor that deeply understands the needs of the modern CISO (this is where you come in!). This is an opportunity to apply your expertise to help numerous world-class organizations run high-quality security assessments in a way that suits 2021.
The Security Assessments Delivery team is made up of client-facing security experts, Solution Architects, who provide deep and practical security knowledge and consulting to design engagements that deliver on customer objectives. We work directly with our customers and hackers to ensure that every security assessment is driving meaningful results for our customers’ security posture.
This role reports into the Head of Security Advisory Services at the San Francisco HQ, but can be performed remotely from anywhere in the United States.


  • Pre-Sales:
    • Provide technical delivery guidance to pre-sales team, most typically for more technically complex organizations or highly specialized engagements requiring unique scoping
    • Design custom security assessment solutions that drive customer objectives, engaging directly with Senior Executive customer leadership to consult on program design
    • Develop multi-assessment testing strategies with enterprise customers
    • Contribute to security assessment and penetration testing RFP responses
    • Contribute to all aspects of assessment sales cycles as necessary
  • Post-Sales:
    • Build, manage and oversee the Security Assessments Delivery Team
    • Expand our portfolio of security assessment offerings, broadening HackerOne’s delivery capability
    • Ensure timely and satisfactory delivery in accordance with customer goals
    • Directly manage difficult or sensitive customer situations
    • Consult with customers’ auditors for compliance-driven engagements
    • Sourcing and staffing the right hacker community talent on the right engagements
    • Continuously identify areas of opportunity for specialized hacker talent recruitment and development
  • Strategic:
    • Contribute to and influence the product strategy for Security Assessments
    • Active role as a strategic partner in the Go-To-Market plan for Security Assessments
    • Provide technical guidance about penetration testing, vulnerability assessment, and lead training to the broader organization
    • Continually align HackerOne’s portfolio of security assessments to industry-recognized information security compliance frameworks like PCI-DSS, SOC2, and ISO 27001
    • Evangelize HackerOne’s leading position in Hacker-Powered Security via presentations at top-tier security conferences and through whitepapers and other technical publications, as well as via collaboration with HackerOne Marketing and PR teams


  • You’ve successfully run a revered security consulting practice but have begun to feel disillusioned with the limitations of the model
  • You are keen on adopting best practices from the best in the world, while also relentlessly innovating to bring security into the modern, digital-first era.
  • You believe “Because this is how we’ve always done it” may just be one of the most dangerous phrases in existence.
  • Mastery of 6+ technical security domains:
    • Web application security assessment
    • Network security assessment
    • Binary reverse engineering
    • Network protocol reverse engineering
    • Cryptographic analysis
    • Low-Level application security assessment (firmware, kernel)
    • Exploit research and development
    • Enterprise technologies e.g. Virtualization (VMware or OpenStack), WSUS, etc.
    • Forensics and Incident Response
    • Secure boot-chain or hardware security review
    • Mobile application assessment (Android, iOS)
    • Threat modeling and attack surface enumeration
    • Red teaming
    • Threat hunting
    • Physical security assessment
  • Significant experience in 4+ programming languages, with extensive knowledge of how vulnerabilities can manifest in code
  • Deep knowledge of penetration testing compliance requirements and delivery processes from frameworks such as PCI-DSS, HITRUST, SOC2, ISO 27001, and NIST 800-53.
  • Personal Qualities:
    • Excellent English spoken and written communication skills
    • High level of professionalism
    • Motivational leader
    • Outstanding attention to detail
    • Ability to lead teams and multi-faceted projects effectively
    • Ability to influence Senior Executive as well as operational leadership
    • Self-motivated and demonstrated self-starter
    • Highly dependable
    • Excellent management skills
    • Willingness to travel, less than 20% (post-Covid)

HackerOne Values

As a team, we believe in integrity, transparency, trust, collaboration, and community. We believe in the positive power of hackers and work tirelessly to promote the success of our community to the broader, mainstream audience.

What We Do

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer. HackerOne is now the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. We partner with the global hacker community to surface the most relevant security issues of our customers before they can be exploited by criminals. More than 1,700 organizations, including the U.S. Department of Defense, General Motors, Google Play, Twitter, GitHub, Nintendo, Qualcomm, Spotify, Starbucks, and Dropbox, trust HackerOne to find critical software vulnerabilities. HackerOne is headquartered in San Francisco with offices in London, New York, and The Netherlands.

Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.