Bug Bounty Technical Lead- (Vulnerability disclosure (VDP))

Overview:

We are a leading AI-driven Global Supply Chain Solutions Software Product Company and one of Glassdoor’s “Best Places To Work”.

Scope:

We are looking for a highly skilled and experienced Bug Bounty Tech Lead to oversee our bug bounty program. The ideal candidate will manage the entire bug bounty process, coordinate with security researchers, prioritize and assess vulnerabilities, and work closely with internal teams to ensure timely and effective resolution of security issues

What you’ll do:

• In this role, you'll lead and manage Blue Yonder's bug bounty program. This involves spearheading communication with a global community of security researchers, validating the vulnerabilities they report.
• Oversee all technical aspects of the bug bounty program, including program design, scope definition, and triage processes.
• Partner with engineering, development, and operations teams to facilitate the remediation of identified vulnerabilities. Provide guidance and support to ensure vulnerabilities are addressed promptly.
• Act as the primary point of contact for security researchers and internal stakeholders. Provide clear and effective communication regarding vulnerability status, resolution timelines, and program updates.
• Analyse trends and patterns in reported vulnerabilities. Develop and deliver reports to senior management on the effectiveness of the bug bounty program and overall security posture.
• Stay up-to-date on the latest security vulnerabilities, exploit techniques, and bug bounty trends.
• Proactively identify and implement program improvements to maximize its effectiveness.
• Manage the bug bounty program budget and track key performance indicators (KPIs).
• Build and maintain strong relationships with external security researchers, fostering a positive and mutually beneficial community.
• Act as a security champion within the organization, promoting security awareness and best practices.

What we are looking for:

• Bachelor’s degree in computer science, or a related field. Relevant certifications (e.g., CISSP, CEH, OSCP) are a plus.
• Minimum 10+ years of experience in application security or a related field.
• Proven experience leading and managing a security team.
• In-depth knowledge of web application security, penetration testing methodologies, and vulnerability exploitation techniques.
• Experience with bug bounty program management, including triage processes, vulnerability validation, and bounty payouts.
• Excellent communication, collaboration, and interpersonal skills.
• Strong analytical and problem-solving skills.
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• Passion for security and a desire to stay ahead of the evolving threat landscape.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.