Search

Product Security Engineer

NextDeavor Inc.
locationLehi, UT, USA
PublishedPublished: 6/14/2022
Full Time

Job Description

Job DescriptionProduct Security Engineer Full-time Lehi, UT

You’ll be joining Adobe on a contract opportunity, employed through NextDeavor

Benefits You'll Love

NextDeavor offers health, vision and dental benefits for contract employees Paid sick leave eligibility is contingent on state of residence Optional 401k Plan (excludes employer match) Opportunity to get your foot in the door at a well-established corporation, with potential for extended or permanent full-time employment

Become a Key Player as a Product Security Engineer

You will lead triage and validation of external vulnerability reports for the client's products, ensuring timely, accurate resolution and clear researcher communications. You will work closely with internal engineering and security stakeholders to drive remediation and improve the bug bounty program's effectiveness. This is a contract engagement expected to backfill a team member on leave.

Here's How You'll Make an Impact on the Team

  • Triage incoming vulnerability reports from the bug bounty platform, assess validity, impact, and scope.
  • Assign CVSS scores and severity ratings following internal guidelines and industry standards.
  • Reproduce proof-of-concept exploits across web, API, and mobile surfaces to validate reports.
  • Communicate with external researchers to request clarifications, provide status updates, and manage expectations.
  • Coordinate confirmed vulnerabilities with product engineering teams for remediation.
  • Identify duplicates, out-of-scope, or informational reports and close them with clear explanations.
  • Contribute to internal documentation, triage runbooks, and severity calibration guidelines.
  • Flag systemic or critical findings to the Bug Bounty team for escalation.

Here's What You'll Need to Be Successful in This Role

  • 3+ years of experience in application security, penetration testing, or a bug bounty/vulnerability disclosure role.
  • Strong understanding of CVSS v3.1 and hands-on experience applying it to real-world vulnerabilities.
  • Proficiency with common web vulnerability classes: XSS, SQL injection, SSRF, IDOR, authentication flaws, and business logic issues.
  • Ability to reproduce and validate PoC exploits using tools such as Burp Suite, browser DevTools, curl, and custom scripts.
  • Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd) and responsible disclosure processes.
  • Solid written communication skills for clear, constructive responses to external researchers.
  • Familiarity with attacker techniques against LLM systems and generative AI products.
  • Knowledge of OWASP Top 10 vulnerabilities and mitigation techniques.

Here's What Else Might Help You Out

  • Experience with cloud environments (AWS, Azure, GCP) and API security testing.
  • Hands-on penetration testing experience for AI/ML and LLM-powered products, including chat interfaces and inference APIs.
  • Prior participation in bug bounty programs as a researcher.
  • Familiarity with CWE taxonomy and CVE assignment processes.
  • Background working within a large enterprise or SaaS security organization.

Pay Range

$67.61 - $84.51/hour

Ready to Make Your Mark?

This role may fill quickly. Submit your resume to be considered.

Apply with Pioneers here

Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...