Founded in 2015, YesWeHack offers companies an innovative approach to cyber security through Bug Bounty (vulnerability rewards). It connects more than 40,000 cyber security experts (ethical hackers) spread across 130 countries with companies that want to secure their exposed perimeters and search for vulnerabilities (bugs) in their websites, mobile applications, infrastructures and connected objects.
YesWeHack, the first European Bug Bounty platform, is present in France in Rennes and Rouen, and internationally in Munich (Germany), Lausanne (Switzerland) and Singapore (Asia).
As a Security Analyst, you will join a team dedicated to qualifying and analyzing the vulnerability reports submitted by our community of ethical hackers, and to supporting our customers in evaluating these vulnerabilities so that they better understand the impacts and possible remedies.
You will also participate in the creation of internal tools to continuously improve the team's processes, as well as in the maintenance and evolution of these different tools for the benefit of our community.
Your missions will be the following:
Security Analyst:
- Verify the validity of vulnerability reports against the rules defined in each program.
- Understand and reproduce proofs of concept.
- Analyze and evaluate the severity of the vulnerabilities according to the business context of the customer (reflected by a CVSS scoring).
- Present findings and explain technical details to our customers in accessible terms.
- Maintain dialogue with our community of ethical hackers.
- Follow up on the vulnerability report workflow.
- Coordinate with the Customer Success Manager department.
- Develop internal solutions related to the position.
- Develop tools for our community.
You master:
- Exploitation of the OWASP Top 10 vulnerabilities or the CWE (ability to identify, exploit and explain their operation)
- The CVSS criticality assessment system and the details of its associated metrics (base, temporal and environmental metrics).
- Tools for intercepting and replaying requests, such as Burp Suite (operation of the different tabs and functionalities, development of extensions).
- Development in Python
- English read, spoken and written
The following notions will be an asset:
- Development with frameworks such as Django / Flask
- Participation in Open Source projects
- Constant monitoring of Cybersecurity topics (CVE, research, vulnerability exploitation...)
- Curious by nature, you are passionate about Cybersecurity and have a strong appetite for understanding how an information system works and how to secure it.
- You participate in CTFs and use Infosec learning platforms.
- You are rigorous and respectful of good security practices; your team spirit and interpersonal skills will also be necessary to successfully complete your missions.