What will I be doing?
We seek a candidate who has the technical expertise and communication skills to work closely with other teams at Hilton, such as infrastructure, cloud, external contractors, field-level IT resources, and risk management teams, as well as unaffiliated security researchers who participate in the Hilton Bug Bounty Program (BBP).
As a Senior Cyber Security Analyst on the SecPEN team, your primary responsibilities will include assisting developers with remediating vulnerabilities discovered from security testing, triaging findings that are submitted to the Hilton BBP, as well as developing Hilton BBP KPI reports for senior management.
What are we looking for?
Responsibilities:
• Track the lifecycle of bug bounty reports submitted through the Hilton Bug Bounty Program (BBP), assuring that program SLAs are met.
• Triage security vulnerabilities that are disclosed through the Hilton BBP.
• Facilitate communications as needed between the BBP and Hilton's various engineering teams, development teams, and finders.
• Collaborate with Hilton's Risk and Incident Response teams as needed to facilitate the management of reported security vulnerabilities.
• Schedule and assist with penetration and remediation testing for a wide variety of Hilton assets.
• Process and track all bug bounty payments to researchers and provide monthly expenditures.
• Analyze the data produced by Hilton's Bug Bounty Program using to surface trends and other insights which can be utilized to positively affect Hilton's security.
• Assist with the development of internal tooling to benefit the penetration testing and BBP programs.
We believe that success in this role will demonstrate itself through the following attributes and skills:
• Experience in Bug Bounty Management and experience working with shifting timelines and priorities is preferred.
• Strong oral and written communication skills with demonstrated experience presenting to various internal and external groups.
• Work effectively in situations involving uncertainty or lack of information, respond favorably to change, and react decisively in an unstructured environment.
• Demonstrated hands-on experience with penetration testing tools such as Burp Suite or Metasploit.
• Deep understanding of common application security issues such as Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF).
To fulfill this role successfully, you should demonstrate the following minimum qualifications:
• At least three (3) years of experience in Technology or a related field
• At least one (1) year of experience in a Cybersecurity-related role
It would be helpful in this position for you to demonstrate the following capabilities and distinctions:
• Bachelor's Degree or Associate's Degree plus five (5) years of Technology related experience or High School Degree/GED plus ten (10) years of Technology related experience
• Experience programming in one or more of the foll...
Requirements
...