Our pentest community is one of the most exclusive communities we manage within HackerOne. All pentesters of this community will require background checks and ID verification. Pentesters are also required to have extreme professionalism and good customer communication skills, and a history of good behavior and professionalism in the HackerOne platform, including past mediation behavior and code of conduct reviews.
Benefits of being part of this exclusive community include not only the compensation model but also direct access to communication with customers and HackerOne staff, consideration for other HackerOne programs, and certifications or training sponsored by HackerOne on an ad-hoc basis.
Right now, we are reviewing applicants quarterly (each 3 months) and allow-listing a small list of candidates each time. Requirements to apply and prioritization criteria are outlined in this page.
Please remember that there is a big waiting list for opportunities to join, so it might take some time till we add new pentesters to our community, some hackers fitting into the priority one bucket wait more than a year to become onboarded.
Please also understand that HackerOne reserves the right to make the final decision about the applicant's approval even if the candidate is qualified.
The best candidate for HackerOne pentest, is the one who has professional experience working as a pentester, has also been an active bug bounty hunter in the HackerOne platform (verifiable experience and familiar with the platform) and also has at least one infosec/pentest/hacking certification. Below is a table showing some different profiles that we will consider with the current priority noted:
Other areas of interest in addition of aforementioned experience/skills:
By participating in programs on HackerOne, all Finders agree to help empower our community by following the HackerOne Code of Conduct (CoC). The CoC is in addition to the General Terms and Conditions and Finder Terms and Conditions that all Finders must agree to when creating an account.
View all our policies here.