As a Bug Bounty Analyst, you will act as the first line of validation for vulnerability submissions. You will work directly with the Bug Bounty researcher community to accurately reproduce and validate submissions and provide clients with technical writeups for any actionable findings.
When triaging vulnerability submissions, analysts must assess the reproducibility, the real-world security impact, and that the reported issue is in scope so that submissions can be successfully filtered prior to escalating to the client.
Bug Bounty Analysts serve as a trusted intermediary between the researcher community and the client and therefore must have strong technical capabilities balanced with the ability to deliver clear, professional communication.
Key Responsibilities
Due to continued growth, NCC Group is seeking an experienced Bug Bounty Triage analyst to join the Bug Bounty Services (BBS) Practice as a Security Analyst on our Tier 1 Triage Team.
As the premiere triage team in the bug bounty domain, the team’s Security Analysts have the unique opportunity to directly engage with security researcher community on their findings on behalf of our Enterprise clients.
The Tier 1 Triage team is fully distributed in NA, EMEA, and APAC, and this role directly reports to BBS’ UK-based Triage Team Lead.
- Reproduce reported vulnerabilities in a controlled manner to confirm their validity.
- Ensure that all validated reports meet quality standards for clarity, accuracy, and reproducibility before escalation to the client.
- Communicate professionally and constructively with the security researcher community, requesting information and provided clarification where needed.
- Communicate clearly and professionally with Enterprise clients ensuring that technical details are
- Identify and appropriately handle out-of-scope reports, duplicates, and low-quality AI submissions.
- Manage client queues to meet agreed response and validation timeframes.
- Author and deliver NCC-quality vulnerability reports to the specifications of individual clients.
- Drive or contribute to projects that improve BBS’ tooling, operational processes, and delivery quality.
Skills, Knowledge & Expertise
- Excellent written and verbal communication skills.
- Proven experience in web application, network, and mobile application security testing.
- Strong knowledge in OWASP Top 10
- Recent professional experience that required regular use of a programming scripting language (E.g., Python, JavaScript)
- Vulnerability Disclosure and Bug Bounty experience.
- Vulnerability Management experience is a plus.
- Software QA experience is a plus.
- Experience with SAST and DAST testing tools is a plus.
Job Benefits
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.