Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Analyse security findings and communicate with researchers to enhance client security.
- Company: NCC Group is a global leader in cyber security, dedicated to creating a secure digital future.
- Benefits: Enjoy flexible working, wellness programs, and a comprehensive benefits package.
- Why this job: Join a supportive team that values creativity and offers opportunities for growth in a dynamic field.
- Qualifications: Proven experience in security testing, excellent communication skills, and knowledge of OWASP Top 10 required.
- Other info: Remote work available in the UK or Spain; must pass pre-employment background checks.
The predicted salary is between 36000 - 60000 £ per year.
Location: Remote (UK or Spain)
Role Purpose: Analyze and fully reproduce potential security findings reported to our clients. Communicate with the global researcher community to gather information and inform them of triage analysis outcomes. Author and deliver NCC-quality vulnerability reports to the specifications of individual clients. Drive or contribute to projects that improve BBS’ tooling, operational processes, and delivery quality.
Summary: Due to continued growth, NCC Group is seeking an experienced Bug Bounty Triager to join the Bug Bounty Services (BBS) Practice as a Security Analyst on our Tier 1 Triage Team. As the premiere triage team in the bug bounty domain, the team’s Security Analysts have the unique opportunity to directly engage with the security researcher community on their findings on behalf of our Enterprise clients. The Tier 1 Triage team is fully distributed in NA, EMEA, and APAC, and this role directly reports to BBS’ Spain-based Director of Triage.
What we are looking for in you:
- Native speaker or CEFRL C2 English language proficiency
- Excellent written and verbal communication skills
- Proven experience in web application, network, and mobile application security testing
- Strong knowledge in OWASP Top 10
- Recent professional experience that required regular use of a programming scripting language
- Vulnerability Disclosure and Bug Bounty experience
- Vulnerability Management experience is a plus
- Software QA experience is a plus
- Experience with SAST and DAST testing tools is a plus
Behaviours:
- Focusing on Clients and Customers
- Working as One NCC
- Always Learning
- Being Inclusive and Respectful
- Delivery Brilliantly
Why NCC Group? At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries, delving into, securing new products, and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks. Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support.
What do we offer in return? We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:
- Flexible working
- Financial & Investment
- Pension
- Life Assurance
- Share Save Scheme
- Maternity & Paternity leave
- Community & Volunteering Programmes
- Cycle Scheme
- Office Lifestyle
- Employee Referral Program
- Lifestyle & Wellness
- Learning & Development
- Diversity & Inclusion
So, what’s next? If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and the relevant member of our global talent team will be in touch with you. Alternatively, send your details to .
About your application: We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles. If you do not want us to retain your details, please email . All personal data is held in accordance with the NCC Group Privacy Policy. We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage. Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.
Security Analyst - Bug Bounty employer: NCC Group
Contact Detail:
NCC Group Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Analyst - Bug Bounty
✨Tip Number 1
Familiarise yourself with the OWASP Top 10 vulnerabilities, as this knowledge is crucial for a Security Analyst role. Being able to discuss these vulnerabilities confidently during interviews will demonstrate your expertise and understanding of web application security.
✨Tip Number 2
Engage with the bug bounty community on platforms like HackerOne or Bugcrowd. Building connections and participating in discussions can provide insights into current trends and challenges in the field, which you can reference in your conversations with us.
✨Tip Number 3
Showcase your experience with programming or scripting languages by working on personal projects or contributing to open-source security tools. This hands-on experience will not only enhance your skills but also give you concrete examples to discuss during interviews.
✨Tip Number 4
Prepare to discuss your previous vulnerability management experiences and how you've handled security findings. Being able to articulate your thought process and the impact of your actions will highlight your problem-solving abilities and fit for our team.
We think you need these skills to ace Security Analyst - Bug Bounty
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in web application, network, and mobile application security testing. Emphasise your familiarity with OWASP Top 10 and any programming or scripting languages you've used.
Craft a Strong Cover Letter: In your cover letter, express your passion for cybersecurity and your understanding of the bug bounty landscape. Mention specific experiences that demonstrate your ability to communicate effectively with the researcher community.
Showcase Relevant Skills: Clearly outline your skills related to vulnerability management, SAST, and DAST testing tools. If you have experience in software QA, make sure to include that as well, as it can set you apart from other candidates.
Proofread Your Application: Before submitting, thoroughly proofread your application materials. Ensure there are no grammatical errors and that your writing is clear and professional, reflecting the excellent communication skills the role requires.
How to prepare for a job interview at NCC Group
✨Showcase Your Communication Skills
As a Security Analyst, you'll need to communicate effectively with both clients and the researcher community. Prepare to discuss your previous experiences where you successfully conveyed complex security findings in a clear and concise manner.
✨Demonstrate Technical Proficiency
Be ready to talk about your experience with web application, network, and mobile application security testing. Highlight your familiarity with OWASP Top 10 and any relevant programming or scripting languages you've used in your past roles.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world scenarios. Think of examples where you triaged vulnerabilities or managed bug bounty reports, and be prepared to explain your thought process and decision-making.
✨Emphasise Continuous Learning
NCC Group values individuals who are always learning. Share how you stay updated with the latest security trends and tools, and mention any recent courses or certifications you've completed that relate to vulnerability management or security testing.
