Bug Hunter - Pursuits; Dark Web & Threat Intelligence

About The Team

The Pursuits team produces dark web and threat intelligence on prospects, the companies Cyble's sales and presales teams are trying to win. Early, validated intelligence shows a prospect what's exposed about it (access for sale, leaks, vulnerable assets) and demonstrates Cyble's offering in action. Our internal customers are sales and presales, and our work directly supports new-client growth.

We cover the dark web (access sales, leaks, malicious tools, marketplaces) and threats from ransomware groups, extortion crews, hacktivists, and APTs, plus cloud storage exposures and other vulnerabilities. Our work is both proactive and driven by collaboration with other teams.

You find vulnerabilities and misconfigurations in a prospect's assets, applications, and domains using passive reconnaissance, then write them up clearly. The core of the job is surfacing impactful findings and detailing them in reports with proof‑of‑concept steps and remediation recommendations.

• Run passive reconnaissance on prospects' assets, applications, and domains to find vulnerabilities and misconfigurations (no active scanning or exploitation).
• Use OSINT and dark web research, along with other avenues, to gather relevant data on prospects.
• Write clear, impactful reports with proof‑of‑concept steps and remediation recommendations.
• Keep learning and stay current on the latest research techniques and tools.
• Work with the team to report findings accurately and on time.

• A strong passion for information security and learning.
• Excellent written and verbal communication.
• Familiarity with passive reconnaissance techniques and tools.
• Familiarity with common web and infrastructure vulnerability classes and how to demonstrate them safely.
• Able to use AI tools effectively to speed up research and writing.
• A track record of impactful findings, with writeups or proof‑of‑concept work you can walk us through.

• Familiarity with OSINT and dark web research.
• Basic scripting (Python/regex) for parsing data and automating checks.
• Exposure to bug bounty programs or coordinated disclosure / CVE work.

• Impactful findings delivered each week.
• Reports are clear, accurate, and timely, with reproducible proof‑of‑concept steps.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status age, or genetics, or any other characteristic protected by law.