Security Vulnerability Engineer
Contract - Inside IR35
London - Hybrid (2 - 3 days a week in office)
6 months
Are you a skilled software engineer with a passion for cybersecurity? This company is seeking a talented individual to join their team as a Security Vulnerability Engineer. This is an excellent opportunity to make a real impact and contribute to the company's security initiatives.
Key Responsibilities:
- Manage and enhance the company's Bug Bounty Programme (HackerOne), including working with researchers to identify and report vulnerabilities
- Oversee bounty payouts and conduct risk landscape analysis
- Track vulnerabilities and define mitigation strategies
- Collaborate closely with developers to identify, understand, test, and validate fixes for vulnerabilities
Required Skills and Qualifications:
- Expertise in Bug Bounty Programme management
- Proficiency in vulnerability verification and mitigation planning
- Ability to effectively test and validate vulnerabilities
- Strong technical capabilities and familiarity with development technologies
- Skills include automation, MFA implementation, and experience with HackerOne or similar Bug Bounty technology
Desirable:
- Good scripting experience (e.g. Python).
- Hands-on use of SAST, SCA, secrets scanning, and DAST tools, especially in CI/CD pipelines.
- Awareness of CI/CD and infrastructure security patterns (GitHub Actions, Terraform, Kubernetes, least-privilege IAM).
- Practical experience with Okta (OIDC/SAML, MFA, policies, workflows) and Doppler (secrets lifecycle, rotation, environments).
- Hands-on Cloud Security (AWS) experience
Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.
