Bug Bounty Analyst at PayPal

Chicago, Illinois, United States -

Full Time

Start Date

Immediate

Expiry Date

13 Mar, 26

Salary

0.0

Posted On

13 Dec, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Bug Bounty Hunting, Web Security, API Security, Network Security, Scripting, Automation, Vulnerability Assessment, Cyber Threat Management, Collaboration, Documentation, Incident Response, Security Tools, Continuous Improvement, Research Trends, Process Development, Metrics Tracking

Industry

Software Development

Description

Independently handle assignments that require foundational knowledge of security technologies and processes while developing business expertise. Work closely with peers and experienced team members to strengthen cyber threat management practices. Take direction, contribute to team processes, and continuously learn while establishing relationships within the security domain. Apply sound judgment within established cyber threat management processes and procedures to assess and respond to security incidents and tasks. Identify and recommend efficiency improvements within the team and related peer teams to enhance cyber threat management. Contributes to process development. 1+ years relevant experience and a Bachelor's degree OR Any equivalent combination of education and experience. Reproduce reported vulnerabilities using tools such as Burp Suite, Nuclei or custom scripts. Engage with external researchers to request clarifications, verify details, and provide feedback when needed. Evaluate severity and impact of findings based on industry standards like CVSS. Collaborate with internal teams to verify exploitability, confirm scope, and facilitate remediation efforts. Maintain detailed triage documentation, metrics, and SLAs for incoming reports. Contribute to continuous improvement of triage workflows, automation scripts, and internal vulnerability tracking processes. Support creation of standard operating procedures and knowledge base for triage and validation. Stay up to date with emerging attack techniques, vulnerability classes, and researcher trends. Contribute to internal tooling and dashboards used for vulnerability identification, tracking or classification. Strong understanding of web and API security fundamentals, including authentication, session management, access control, and injection flaws etc. Understanding of network security concepts and scanning tools. Scripting and automation skills (Python equivalent). Familiarity with vulnerability frameworks and databases (OWASP Top 10, CVE, CWE). Bug bounty hunter; CTF player and active involvement in the information security community (conferences, blogs, or meetups) This is a Recent Graduate Full-Time position. Must have graduated within the past 12 months, or will be graduating by Spring 2026, with a Bachelor's or Master's degree in Computer Science, Information Security or related field from an accredited college or university. Must reside in the U.S. Must be able to obtain authorization to work in the U.S.

Responsibilities

Independently handle assignments related to security technologies and processes while collaborating with team members to enhance cyber threat management practices. Engage with external researchers, evaluate vulnerabilities, and contribute to process development and continuous improvement efforts.