Security - Technical Program Manager
As Twitter’s bug bounty leader, you will be responsible for ensuring the success of our program. You will leverage deep and practical knowledge in security and project management to ensure efficient and effective operations of Twitter’s bug bounty program.
What You’ll do:
- Identifying, measuring, and executing on indicators of success for Twitter’s bug bounty program
- Ensuring operational success of the program, including triage rotation to execute on key deliverables
- Ensure Twitter consistently meets SLAs such as:
  - response time to hackers on reported vulnerabilities
  - time to bounty after confirmation of the issue
  - time to remediation of reported vulnerabilities
- Identifying and expanding the scope of the program
- Accepting and incorporating feedback from (and developing a healthy relationship with) the bug bounty community
- Leading vulnerability management efforts on issues identified via the program
- Identifying and calibrating budget for the program
- Working with executive leadership and other parts of to report on the results of the program and ensure continued buy-in
- Interface with and coordinate third party triage services for front-line bug triage.
You will meet most (but need not meet all) of the following points:
- 2+ years of application security experience, with an understanding of security fundamentals and common vulnerabilities (e.g. OWASP Top Ten)
- 2+ years of security consulting experience
- Outstanding communicator with empathy for researchers to strike the right balance. You need to be an advocate for friendly hackers, but also appropriately influence and push back when needed to help hackers be successful.
- Ability to take feedback from hackers and translate to action items for our bug bounty team
- Extremely organized with strong project management experience
- Detail oriented, results driven, fast learner
- A strong sense of urgency and bias for action
- A passion for solving problems, both for hackers and internal teams at
- A great team player
The ideal candidate will meet several of the following:
- Vulnerability assessment experience
- Penetration testing and code review
- Additional experience in IT, security engineering, system and network security, authentication and security protocols, and applied cryptography
- Scripting/programming skills (e.g., Python, Ruby, Java, JS, etc.)
- Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Project management experience
Engineering Hiring Process
Once your application is received, a recruiter will reach out if your qualifications are a match for the role.
If your background is a match, you may have 1-2 technical phone interviews or be given the chance to provide a work sample depending on the role.
If the phone interviews go well or your work sample is strong, the final step includes interviews with 5-6 people held onsite in our office.