
How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Department: Cyber Services and Capabilities
Location: GBR Manchester Hardman Boulevard
Description
As a Bug Bounty Analyst, you will act as the first line of validation for vulnerability submissions. You will work directly with the Bug Bounty researcher community to accurately reproduce and validate submissions and provide clients with technical writeups for any actionable findings.
When triaging vulnerability submissions, analysts must assess the reproducibility, the real-world security impact, and that the reported issue is in scope so that submissions can be successfully filtered prior to escalating to the client.
Bug Bounty Analysts serve as a trusted intermediary between the researcher community and the client and therefore must have strong technical capabilities balanced with the ability to deliver clear, professional communication.
Key Responsibilities
Due to continued growth, NCC Group is seeking an experienced Bug Bounty Triage analyst to join the Bug Bounty Services (BBS) Practice as a Security Analyst on our Tier 1 Triage Team.
- As the premiere triage team in the bug bounty domain, the team’s Security Analysts have the unique opportunity to directly engage with the security researcher community on their findings on behalf of our Enterprise clients.
- The Tier 1 Triage team is fully distributed in NA, EMEA, and APAC, and this role directly reports to BBS’ UK-based Triage Team Lead.
Responsibilities include:
- Reproduce reported vulnerabilities in a controlled manner to confirm their validity.
- Ensure that all validated reports meet quality standards for clarity, accuracy, and reproducibility before escalation to the client.
- Communicate professionally and constructively with the security researcher community, requesting information and providing clarification where needed.
- Communicate clearly and professionally with Enterprise clients ensuring that technical details are
- Identify and appropriately handle out-of-scope reports, duplicates, and low-quality AI submissions.
- Manage client queues to meet agreed response and validation timeframes.
- Author and deliver NCC-quality vulnerability reports to the specifications of individual clients.
- Drive or contribute to projects that improve BBS’ tooling, operational processes, and delivery quality.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Skills, Knowledge & Expertise
- Excellent written and verbal communication skills.
- Proven experience in web application, network, and mobile application security testing.
- Strong knowledge in OWASP Top 10.
- Recent professional experience that required regular use of a programming scripting language (e.g., Python, JavaScript).
- Vulnerability Disclosure and Bug Bounty experience.
- Vulnerability Management experience is a plus.
- Software QA experience is a plus.
- Experience with SAST and DAST testing tools is a plus.
Job Benefits
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme.
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
If you do not want us to retain your details, you can utilize the Manage Your Data tool provided by Pinpoint or contact us directly at: global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Notice.
We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.
Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills