Product Security Engineer
Job Summary
Product Security Engineer
Youll be joining Adobe on a contract opportunity employed through NextDeavor
Benefits Youll Love
NextDeavor offers health vision and dental benefits for contract employees Paid sick leave eligibility is contingent on state of residence Optional 401k Plan (excludes employer match) Opportunity to get your foot in the door at a well-established corporation with potential for extended or permanent full-time employment
Become a Key Player as a Product Security Engineer
You will lead triage and validation of external vulnerability reports for the clients products ensuring timely accurate resolution and clear researcher communications. You will work closely with internal engineering and security stakeholders to drive remediation and improve the bug bounty programs effectiveness. This is a contract engagement expected to backfill a team member on leave.
Heres How Youll Make an Impact on the Team
- Triage incoming vulnerability reports from the bug bounty platform assess validity impact and scope.
- Assign CVSS scores and severity ratings following internal guidelines and industry standards.
- Reproduce proof-of-concept exploits across web API and mobile surfaces to validate reports.
- Communicate with external researchers to request clarifications provide status updates and manage expectations.
- Coordinate confirmed vulnerabilities with product engineering teams for remediation.
- Identify duplicates out-of-scope or informational reports and close them with clear explanations.
- Contribute to internal documentation triage runbooks and severity calibration guidelines.
- Flag systemic or critical findings to the Bug Bounty team for escalation.
Heres What Youll Need to Be Successful in This Role
- 3 years of experience in application security penetration testing or a bug bounty/vulnerability disclosure role.
- Strong understanding of CVSS v3.1 and hands-on experience applying it to real-world vulnerabilities.
- Proficiency with common web vulnerability classes: XSS SQL injection SSRF IDOR authentication flaws and business logic issues.
- Ability to reproduce and validate PoC exploits using tools such as Burp Suite browser DevTools curl and custom scripts.
- Familiarity with bug bounty platforms (e.g. HackerOne Bugcrowd) and responsible disclosure processes.
- Solid written communication skills for clear constructive responses to external researchers.
- Familiarity with attacker techniques against LLM systems and generative AI products.
- Knowledge of OWASP Top 10 vulnerabilities and mitigation techniques.
Heres What Else Might Help You Out
- Experience with cloud environments (AWS Azure GCP) and API security testing.
- Hands-on penetration testing experience for AI/ML and LLM-powered products including chat interfaces and inference APIs.
- Prior participation in bug bounty programs as a researcher.
- Familiarity with CWE taxonomy and CVE assignment processes.
- Background working within a large enterprise or SaaS security organization.
Pay Range
$67.61 - $84.51/hour
Ready to Make Your Mark
This role may fill quickly. Submit your resume to be considered.
Required Experience:
IC
About Company
Hire trusted candidates who BELONG STAY ADVANCE NextDeavor is a recruiting agency helping companies make more strategic hiring decisions. FIND YOUR NEXT GREAT HIRE Using AI technology to make the recruiting process more human AI speeds up, refines, and expands our initial search. This ... View more