As a Bug Bounty Analyst, you will act as the first line of validation for vulnerability submissions. You will work directly with the Bug Bounty researcher community to accurately reproduce and validate submissions and provide clients with technical writeups for any actionable findings.
When triaging vulnerability submissions, analysts must assess the reproducibility, the real-world security impact, and that the reported issue is in scope so that submissions can be successfully filtered prior to escalating to the client.
Bug Bounty Analysts serve as a trusted intermediary between the researcher community and the client and therefore must have strong technical capabilities balanced with the ability to deliver clear, professional communication.
Due to continued growth, NCC Group is seeking an experienced Bug Bounty Triage analyst to join the Bug Bounty Services (BBS) Practice as a Security Analyst on our Tier 1 Triage Team.
As the premiere triage team in the bug bounty domain, the team’s Security Analysts have the unique opportunity to directly engage with security researcher community on their findings on behalf of our Enterprise clients.
The Tier 1 Triage team is fully distributed in NA, EMEA, and APAC, and this role directly reports to BBS’ UK-based Triage Team Lead.
- Reproduce reported vulnerabilities in a controlled manner to confirm their validity.
- Ensure that all validated reports meet quality standards for clarity, accuracy, and reproducibility before escalation to the client.
- Communicate professionally and constructively with the security researcher community, requesting information and provided clarification where needed.
- Communicate clearly and professionally with Enterprise clients ensuring that technical details are
- Identify and appropriately handle out-of-scope reports, duplicates, and low-quality AI submissions.
- Manage client queues to meet agreed response and validation timeframes.
- Author and deliver NCC-quality vulnerability reports to the specifications of individual clients.
- Drive or contribute to projects that improve BBS’ tooling, operational processes, and delivery quality.
-
Excellent written and verbal communication skills.
- Proven experience in web application, network, and mobile application security testing.
- Strong knowledge in OWASP Top 10
- Recent professional experience that required regular use of a programming scripting language (E.g., Python, JavaScript)
- Vulnerability Disclosure and Bug Bounty experience.
- Vulnerability Management experience is a plus.
- Software QA experience is a plus.
- Experience with SAST and DAST testing tools is a plus.
-
Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe.
With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.
We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.
Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
If you do not want us to retain your details, you can utilise the Manage Your Data tool provided by Pinpoint or contact us directly at:
[email protected]. All personal data is held in accordance with the NCC Group Privacy Notice.
We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.
Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.