CybersecurityJobs.io
← Back to all jobs

Job Description

Adobe, operating through NextDeavor, invites a Contract Product Security Engineer to manage triage, validation, and remediation of external vulnerability reports while coordinating with engineering teams to enhance the bug bounty program.

Location

Lehi, UT (onsite)

Engagement Type

Contract

Responsibilities

  • Triage incoming vulnerability reports from the bug bounty platform, assessing validity, impact, and scope.
  • Assign CVSS scores and severity ratings in line with internal guidelines and industry standards.
  • Reproduce proof-of-concept exploits across web, API, and mobile surfaces to validate reports.
  • Communicate with external researchers to request clarifications, provide status updates, and manage expectations.
  • Coordinate confirmed vulnerabilities with product engineering teams for remediation.
  • Identify duplicates, out-of-scope, or informational reports and close them with clear explanations.
  • Contribute to internal documentation, triage runbooks, and severity calibration guidelines.
  • Flag systemic or critical findings to the Bug Bounty team for escalation.

Requirements

  • 3+ years of experience in application security, penetration testing, or a bug bounty/vulnerability disclosure role.
  • Strong understanding of CVSS v3.1 and hands-on experience applying it to real-world vulnerabilities.
  • Proficiency with common web vulnerability classes: XSS, SQL injection, SSRF, IDOR, authentication flaws, and business logic issues.
  • Ability to reproduce and validate PoC exploits using tools such as Burp Suite, browser DevTools, curl, and custom scripts.
  • Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd) and responsible disclosure processes.
  • Solid written communication skills for clear, constructive responses to external researchers.
  • Familiarity with attacker techniques against LLM systems and generative AI products.
  • Knowledge of OWASP Top 10 vulnerabilities and mitigation techniques.

Technologies

  • Burp Suite
  • Browser DevTools
  • curl
  • HackerOne
  • Bugcrowd
  • AWS
  • Azure
  • GCP

Benefits

  • Health insurance
  • Vision insurance
  • Dental insurance
  • 401(k)
  • Paid sick leave

Compensation

Rate: $67.61–$84.51 per hour

Application

This role may fill quickly. Submit your resume to be considered.

Similar Jobs