Security Engineer – Bug Bounty
Interactive Brokersabout 5 hours ago
Delhi, IndiaMid Level / Senior
H1B Sponsor
Responsibilities
- Own day-to-day operations of the bug bounty program, including report triage and researcher communication.
- Reproduce and validate submitted vulnerabilities across various attack surfaces.
- Classify findings using CVSS and business impact criteria, escalating critical issues as needed.
- Act as a remediation partner, providing guidance to developers on fixing vulnerabilities.
- Identify recurring vulnerability classes and feed insights back into AppSec initiatives.
- Maintain program scope and adjust based on changes in products and surface areas.
- Coordinate with legal and compliance on disclosure matters and researcher disputes.
- Produce program metrics for security leadership to drive decisions.
- Evaluate new APIs and products for readiness to enter program scope.
Requirements
- 2–5 years in application security, penetration testing, or bug bounty operations with a focus on validation.
- Strong foundational knowledge of web application vulnerabilities and their technical workings.
- Ability to read and reason about researcher reports in the context of the application.
- Experience operating a bug bounty or vulnerability disclosure program on a managed platform.
- Strong written communication skills for interacting with researchers and developers under pressure.
- Familiarity with REST and GraphQL API security and web application architecture.
- Ability to work cross-functionally with engineering teams to implement security findings.
Benefits
- Competitive salary package.
- Performance based annual bonus (cash and stocks).
- Hybrid working model (3 days office/week).
- Group Medical & Life Insurance.
- Modern offices with free amenities and fully stocked cafeterias.
- Monthly food card and company paid snacks.
- Hardship/shift allowance with company provided pickup & drop facility.
- Attractive employee referral bonus.
- Frequent company sponsored team building events and outings.