Thanks for your interest in applying to join the Pentest community at HackerOne.
Our pentest community is one of the more exclusive communities we manage within HackerOne. All pentesters of this community will require background checks and ID verification, and accept and abide by the Pentest Rules of Engagement. Pentesters are also required to have extreme professionalism and good customer communication skills, and a history of good behavior and professionalism in the HackerOne platform.
Benefits of being part of this exclusive community include not only the compensation model but also direct access to communication with customers and HackerOne staff, exclusive profile badges, and might also include certifications or training sponsored by HackerOne on an ad-hoc basis.
Right now, we are reviewing applicants quarterly (each 3 months) and allow-listing a small list of candidates each time. Requirements to apply are outlined in this page.
Please remember that there is a big waiting list for opportunities to join, so it might take some time till we add new pentesters to our community. Right now we are not sending an email after the application confirming or not your application, but we will definitely contact you if your profile is within the priority list. Also, please understand that HackerOne reserves the right to make the final decision about the applicant's approval even if the candidate is qualified.
What are we looking for:
The best candidate for HackerOne pentest, is the one who has professional experience working as a pentester, has also been an active bug bounty hunter in the HackerOne platform (verifiable experience and familiar with the platform) and also has at least one infosec/pentest/hacking certification. Below is a table showing some different profiles that we will consider with the current priority noted:
What we are looking for:
- AWS Security Specialty
- Others might also be considered, but the above mentioned ones will be likely prioritized.
- iOS mobile pentest experience
- Cloud infrastructure (Aws/azure/GCP) pentest experience
- PCI compliance knowledge (pentest experience including segmentation testing is a plus)
- Internal infrastructure pentest experience
- Kubernetes/Docker environment pentest
- Desktop/Binary (Cef, Electron, Proton, others) application pentest experience
View our policies here.