A bug bounty hunter is an individual who knows the nuts and bolts of cybersecurity and is well familiar with finding bugs or flaws. Simply put, a bug bounty hunter tests applications and platforms and looks for bugs that sometimes even the in-house development team fails to spot. Once spotting a bug, these professionals inform the company (or the concerned body behind the application or the platform) about the bug and in return, they get paid. The benefits are not always monetary.
- Expertise in all aspects of security disciplines: Information security, software development, vulnerability assessments, threat analysis, incident response, threat modeling, security intelligence and forensic investigations.
- Experience with Windows operating systems and security (boot process, subsystems, kernel- and user-level processes, networking, Active Directory, NTFS/NTFS security), Ubuntu, Kali Linux in addition to:
- Proficient with common attack tools (Immunity CANVAS, Burp, SET, Metasploit, Nmap, Nessus) and defensive tools (Snort Intrusion Detection System (IDS)/Intrusion Prevention System(IPS), tcpdump, Wireshark, Security Onion IDS Linux Distribution)
- Expertise in testing web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
- Research and remain up to date with emerging threats and adversary emulation methodologies.
- Excellent presentation and communications skills to effectively communicate with program manager.
- Ability to clearly articulate complex concepts (both written and verbally).
$0K <=
- nahamsec.com