Skip to main content

Pentest Community Application

Thanks for your interest in applying to join the Pentest community at HackerOne. 

Our pentest community is one of the more exclusive communities we manage within HackerOne. All pentesters of this community will require background checks and ID verification, and accept and abide by the Pentest Rules of Engagement. Pentesters are also required to have extreme professionalism and good customer communication skills, and a history of good behavior and professionalism in the HackerOne platform. 
Benefits of being part of this exclusive community include not only the compensation model but also direct access to communication with customers and HackerOne staff, exclusive profile badges, and might also include certifications or training sponsored by HackerOne on an ad-hoc basis.

Right now, we are reviewing applicants quarterly (each 3 months) and allow-listing a small list of candidates each time. Requirements to apply are outlined in this page.

Please remember that there is a big waiting list for opportunities to join, so it might take some time till we add new pentesters to our community. Right now we are not sending an email after the application confirming or not your application, but we will definitely contact you if your profile is within the priority list. Also, please understand that HackerOne reserves the right to make the final decision about the applicant's approval even if the candidate is qualified.

What are we looking for:

The best candidate for HackerOne pentest, is the one who has professional experience working as a pentester, has also been an active bug bounty hunter in the HackerOne platform (verifiable experience and familiar with the platform) and also has at least one infosec/pentest/hacking certification. Below is a table showing some different profiles that we will consider with the current priority noted:

Do You Have an Active Hacker Account?

We are looking for pentesters with the following:

  • 3 years of professional experience in pentest

AND

  • OSCP/OSCE/OSWE/CREST

OR

  • 3 years of professional experience in pentest

AND

  • 500+ rep points in HackerOne
  • No CoC violations
  • Signal better than 4 over past-year
  • Impact over 18

Not in the Platform?

We are looking for pentesters with the following:

  • 3 years of professional experience or more doing pentest
  • OSCP/OSCE/OSWE/CREST

In all cases, these are in-demand skills and/or certifications:

  • iOS mobile pentesting
  • PCI compliance knowledge (pentest experience including segmentation testing is a plus).
  • Internal infrastructure pentest experience.
  • Experience leading teams is a plus.

Prioritization of acceptance to be a HackerOne pentester may be provided to those who prove in-demand skills and certifications.

Certifications:

  • OSCP
  • OSEP
  • OSWE
  • OSEE
  • OSED
  • CREST
  • AWS Security Specialty
  • Others might also be considered, but the above mentioned ones will be prioritized.

Skills:

  • iOS mobile pentest experience
  • Cloud infrastructure (Aws/azure/GCP) pentest experience
  • PCI compliance knowledge (pentest experience including segmentation testing is a plus)
  • Internal infrastructure pentest experience
  • Kubernetes/Docker environment pentest
  • Desktop/Binary (Cef, Electron, Proton, others) application pentest experience
First and Last Name
Do you have experience leading pentest teams?
Do you have any of the following skills?