07 Apr
Senior Technical Program Manager, Bug Bounty
Vacancy expired!
Uber Corporate - Senior Technical Program Manager, Bug Bounty
About the RoleWe are seeking a hardworking Sr. Security Technologist to join our Vulnerability Discovery team and manage Uber's Bug Bounty Program! In this role, you will build relationships with the security research community through daily interactions, virtual promo bug bounty events and live hacking events. In addition, you will be verifying bug bounty reports, performing root cause analysis, and assessing their impact while partnering with engineering teams to track vulns through remediation. The ideal candidate will be able to work effectively with external and internal partners in a collaborative and fast paced environment.What You'll Do
- Lead bug bounty program strategy, manage public and private bug bounty projects, and assist with live event and virtual promo event planning and execution.
- Oversee the end to end report lifecycle from triage to resolution, including managing triage and escalation for inbound reports, performing root cause analysis, managing state transitions, and tracking internal remediation tickets.
- Work closely with engineering teams across Uber to help them understand the risk, track remediation timelines, and ensure reports are remediated within the defined SLAs.
- Manage bug bounty payouts, including leading payout meetings and building monthly reports for security leadership.
- Identify program trends and feed new bug bounty reports into our static analysis rule creation process.
- Maintain program documentation, e.g., updating scope changes or changes to internal process documents.
- Generate global intelligence reports on past bug bounty escalations.
- Bachelor's in Computer Science or a related field or equivalent industry experience
- Experience finding and fixing common security vulnerabilities (e.g., OWASP Top 10)
- Familiarity with software development lifecycle.
- Master's in Computer Science or a related field.
- Prior bug bounty program management experience.
- Ability to work with and get consensus from cross functional teams.
- Organized, self-motivated, and comfortable in a fast-paced environment.
- Ability to motivate internal teams to prioritize security vulnerabilities in addition to OKR work.
Vacancy expired!