Our pentesters belong to the most prestigious segment within HackerOne, highly esteemed by both testers and the customers they support. Emerging from a broader security researcher network, these experts rise to the top due to their extensive experience in security testing, specialized technical skills, and consistent professionalism. They possess wide-ranging expertise, encompassing web apps, APIs, cloud-to-mobile pentesting, and in-depth knowledge of compliance frameworks, allowing them to conduct thorough audits.
HackerOne selects, verifies, and onboards pentesters for each engagement to guarantee the right talent fit and the most effective results. Here is the strict recruitment process followed by the team:
Curate and Review Pentest Recruits: The Community team ranks applicants based on criteria specified in the Pentest Community Application. Our rigorous standards demand a minimum of 3 years of professional industry experience, top-tier security testing certifications, exemplary HackerOne performance metrics, and a clean Code of Conduct.
Background and ID Check: All HackerOne Pentesters must be HackerOne Clear verified and undergo a rigorous criminal background screening. Only those with spotless results earn certification for Clear programs. This background verification is renewed biannually to ensure the ongoing integrity and professionalism of our Clear community.
Pentester Approval and Onboarding: Once the above steps are concluded, the community team reviews the pentester's profile to ensure it includes the necessary information for us to assign them to the best-suited engagements based on their skills, certifications, citizenship, and other customer requirements.
Setting up Communication Channels: As we communicate and collaborate with customers and pentesters using Slack, approved and onboarded pentesters are added to the Slack instance for corresponding pentest engagements.
Continuous Feedback and Monitoring: New pentesters, once onboarded, enter a probationary phase encompassing their initial three pentests. During this time, we meticulously review their reports and communication and collect feedback from TEMs about their performance. This detailed monitoring ensures that every pentester continuously aligns with our standards of excellence and professionalism.