HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of the world’s largest community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders, including Anthropic, Crypto.com, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense, trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner’s Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing and has been named a Most Loved Workplace for Young Professionals (2024). HackerOne is at a pivotal inflection point in the security industry. Offensive security is no longer optional – it is the standard for forward-thinking companies that want to build trust and resilience in a world where AI-driven innovation and adversaries are moving faster than ever. With the industry shifting, HackerOne stands apart: we combine the ingenuity of the largest security research community with a best-in-class AI-powered platform, trusted by the world’s top organizations.
HackerOne Values
HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability. ## What You Will Do
Apply an AI-First approach by using AI tools responsibly to improve research quality, drafting efficiency, and privacy assessment workflows. - Demonstrate Change Agility by adapting quickly to evolving global privacy and AI regulations, adjusting guidance as new risks, tools, or requirements emerge. - Use First Principles Problem Solving to simplify complex privacy questions, clarify assumptions, and provide clear, structured recommendations. - Leverage Data-Driven Decision Making during DPIAs,and related assessments by grounding evaluations in evidence, criteria, and regulatory expectations. - Support the current Privacy function with global privacy assessments, including DPIAs, AI DPIAs, TIAs, LIAs, and other structured risk reviews. - Review new and existing product features, AI capabilities, and data practices as part of privacy-by-design, identifying risks and opportunities early in development. - Draft, review, and negotiate data processing agreements (DPAs), privacy terms, and commercial contracts to support global sales and procurement. - Maintain and update privacy contractual documentation and internal templates and policies. - Create and deliver internal training on privacy and AI governance. - As part of the Privacy function, support internal and external privacy audits, coordinate with external advisors, and ensure alignment across business functions on assessment findings and remediation. - Monitor evolving privacy laws, case law, AI governance frameworks, and regulatory trends, sharing key insights with stakeholders to maintain compliance and anticipate future requirements. ## Minimum Qualifications
Qualified lawyer (UK or EU) with GDPR experience PQE 5+ years (mix of in-house or private practice experience). Years matter less to us than impact. If you have relevant specialist experience, apply even if you don’t quite hit the 5+ years. - Strong knowledge of EU/UK GDPR and familiarity with global privacy laws (US, Middle East, Asia). - Experience drafting and negotiating data processing agreements and handling privacy-related issues in a global business context. - Proven ability to manage data breaches, regulatory notifications and privacy audits. - Excellent communication skills with the ability to simplify complex legal concepts for non-legal audiences. - Strong understanding of AI technologies, their ethical implications, and related legal frameworks. - Excellent analytical, problem-solving, and decision-making skills with the ability to provide practical and strategic legal advice. - Experience in using privacy management systems such as OneTrust is required. - Ability to manage multiple priorities and work collaboratively across diverse teams. - Comfortable working independently in a fast-paced, global environment
Preferred Qualifications
Certified Information Privacy Professional (CIPP),
Artificial Intelligence Governance Professional (AIGP) and other relevant certifications,
German language proficiency. - Experience in cybersecurity, offensive security, or SaaS environments. Compensation Band
UK Tier: £80K – £100K • Offers Equity
#LI-KM1
#LI-Remote
Job Benefits:
Health (medical, vision, dental), life, and disability insurance*
Equity stock options
Retirement plans
Paid public holidays and unlimited PTO
Paid maternity and parental leave
Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
Employee Assistance Program
*Eligibility may differ by country
We're committed to building a global team! For certain roles outside the United States, India, the U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR). Visa/work permit sponsorship is not available. This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.
