Product Security Engineer - Bug Bounty

Varite, Inc

Lehi, UT

JOB DETAILS
SALARY
$80–$84.50 Per Hour
SKILLS
(XSS) Cross Site Scripting, Amazon Web Services (AWS), Animation Software, Application Programming Interface (API), Applications Security, Artificial Intelligence (AI), Audio Editing, Authentication, Calibration, Cloud Computing, Communication Skills, Computer Security, Computer Software, Consulting, Documentation, Enterprise Protection, Fortune 1000 Customers, GCP (Good Clinical Practices), Government, High Tech Industry, Industry Standards, Injections, Internet Security, Microsoft Windows Azure, Mobile Applications Development, Online Courses, Penetration Testing, Product Engineering, Proof of Concept, Research Skills, SQL (Structured Query Language), Scripting (Scripting Languages), Security Attacks, Software as a Service (SaaS), Taxonomies, Time Management, Video Editing, Web Browsers, Web Design, Web Programming, Writing Skills
LOCATION
Lehi, UT
POSTED
5 days ago
VARITE is looking for qualified Product Security Engineer in Lehi, UT or San Jose, CA.
 
WHAT THE CLIENT DOES?
An American computer software company that offers a wide range of programs from web design tools, photo manipulation and vector creation, through video/audio editing, mobile app development, print layout and animation software.
 
WHAT WE DO?
Established in the Year 2000, VARITE is an award-winning minority business enterprise providing global consulting & staffing services to Fortune 1000 companies and government agencies. With 850+ global consultants, VARITE is committed to delivering excellence to its customers by leveraging its global experience and expertise in providing comprehensive scientific, engineering, technical, and non-technical staff augmentation and talent acquisition services.
 
Job Title: Product Security Engineer
Location: Lehi, UT or San Jose, CA (Hybrid)
Contract Duration: 6 months
Pay Rate Range: $80.00 - $84.50/hr. on W2
Work Authorization: USC or GC only
 
HERE’S WHAT YOU’LL DO
About the Role:
  • **** is seeking a Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave.
  • You will be the frontline responder for external vulnerability reports submitted through the program, working closely with internal engineering and security teams to ensure timely, accurate triage and resolution.
 
Responsibilities:
  • Triage incoming vulnerability reports submitted via the bug bounty platform, assessing validity, impact, and scope.
  • Assign CVSS scores and severity ratings accurately, following ****'s internal severity guidelines and industry standards.
  • Reproduce proof-of-concept (PoC) exploits to validate reported vulnerabilities across web, API, and mobile surfaces.
  • Communicate clearly and professionally with external researchers: request clarifications, provide status updates, and manage expectations.
  • Coordinate with product engineering teams to route confirmed vulnerabilities for remediation.
  • Identify duplicate, out-of-scope, or informational reports and close them with clear, respectful explanations.
  • Contribute to internal documentation, triage runbooks, and severity calibration guidelines.
  • Flag systemic or critical findings to Bug Bounty team for escalation as needed.
 
Required Qualifications:
  • 3+ years of experience in application security, penetration testing, or a bug bounty / vulnerability disclosure role.
  • Strong understanding of CVSS v3.1 scoring and hands-on experience applying it to real-world vulnerabilities.
  • Proficiency in common web vulnerability classes: XSS, SQL injection, SSRF, IDOR, authentication flaws, and business logic issues.
  • Ability to reproduce and validate PoC exploits using tools such as Burp Suite, browser DevTools, curl, and custom scripts.
  • Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd) and responsible disclosure processes.
  • Solid written communication skills able to write clear, constructive responses to researchers of all skill levels.
  • Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.
  • Knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.
 
Nice to Have:
  • Experience with cloud environments (AWS, Azure, GCP) and API security testing.
  • Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.
  • Prior participation in bug bounty programs as a researcher.
  • Familiarity with OWASP Top 10, CWE taxonomy, and CVE assignment processes.
  • Background working within a large enterprise or SaaS security organization.
 
BENEFITS:
We offer a comprehensive benefits package designed to support the health, well-being, and financial security of our employees and their families. Eligible employees may receive:
  • Health Insurance: Medical, dental, and vision coverage
  • Retirement Plans: Participation in a company-sponsored retirement savings plan.
  • Legal Service Plans: Offering access to attorneys for legal advice and representation.
 
If this opportunity interests you, please respond by clicking on EasyApply.
 
Know someone who would be perfect for this role? Refer to us and if they are hired, you could be eligible for our employee referral bonus! Help us grow our team with top talent from your network.
VARITE is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

About the Company

V

Varite, Inc