Intigriti’s PTaaS (Penetration Testing as a Service) represents a modern approach to security testing, blending the structured nature of traditional pentests with the flexibility and talent of the bug bounty community. Each PTaaS engagement involves a dedicated researcher and requires an application process to join.
Because PTaaS researchers work closely with customers and represent Intigriti throughout the engagement, access isn’t granted by default. Instead, we extend this opportunity to researchers who have consistently demonstrated both strong technical expertise and professional, ethical conduct.
Eligibility for Focused Pentests
To qualify and become eligible to run pentests as a researcher, the following technical criteria must be met:
Verified identity
Your identity must be successfully verified through Intigriti.Platform activity
You should have been actively participating on the Intigriti platform for at least one year.Expert knowledge
You must have reported at least 1 critical or exceptional vulnerability before.
Report validity
At least 80% of your submitted reports must be classified as valid.Continuous quality
You need to have more than 15 accepted submissions.
Signal-to-noise ratio
No more than 33% of your reports may be categorized as “informative” only.Impactful findings
At least 50% of your reports should have been eligible for a bounty (reported on a non-VDP program).
We may also consider these criteria fulfilled if you can demonstrate equivalent performance on other recognized vulnerability disclosure or bug bounty platforms. The same applies to researchers with part-time or full-time experience in professional penetration testing roles.
Interview Vetting Process
Once the Technical Eligibility Criteria are met, researchers may proceed to a brief interview with an Intigriti PTaaS Pentest Manager. This conversation is designed to assess the following:
Language proficiency
Clear and effective communication, both written and spoken.Pentesting knowledge and skills
Practical understanding of methodologies, tooling, and reporting standards relevant to PTaaS engagements.Professionalism with customers
Ability to represent Intigriti and interact respectfully with clients throughout the engagement.
If the Pentest Manager determines that these criteria are satisfied, the researcher will be marked as “Eligible for PTaaS”, enabling them to apply for upcoming PTaaS engagements.
Eligibility for Comprehensive Pentests
To qualify for Comprehensive PTaaS Pentests, researchers must go beyond the focused PTaaS eligibility criteria and demonstrate a strong track record of professionalism and impact. Specifically, you’ll need to:
Have successfully completed at least five Focused PTaaS engagements.
Consistently deliver clear, high-quality reports with meaningful findings.
Be comfortable using structured workflows, reporting templates, and collaboration tools.
Be available for briefings and reliably meet deadlines without follow-up.
Because not all of these aspects are measurable through platform metrics alone, Intigriti’s Pentest Delivery Managers will assess your overall suitability based on past engagements and communication quality.
Eligibility for Certified Pentests
Certified Pentests represent the most formal and structured engagements, often aligned with enterprise-grade or compliance-driven requirements. To qualify for these, researchers must meet all Focused PTaaS and Comprehensive Pentest criteria, and hold at least one of the following industry-recognized certifications:
CREST: CRT, CCT-INF, CCT-APP
EC-Council: ECSA, LPT
Offensive Security: OSCP, OSEP, OSWE
SANS/GIAC: GPEN, GWAPT, GXPN
These certifications serve as a baseline for technical capability and methodology.
To be considered for Certified PTaaS engagements, you must add your certification(s) and a validation link (e.g. Credly, official registry, etc.) to your researcher profile on Intigriti.
In addition to the certification requirement, Intigriti’s Pentest Delivery Managers will assess your past performance and professionalism to confirm your readiness for these high-assurance projects.
Program-Specific Requirements
Even if a researcher is eligible for one or more PTaaS types at Intigriti, individual PTaaS programs may have additional requirements that must be met in order to participate. These criteria are defined by the customer and are specific to the engagement.
Companies may introduce custom conditions based on legal obligations, internal policies, or the nature of the scope.
For example, certain programs may restrict participation to researchers from specific countries or regions due to compliance or regulatory reasons.
This works similarly to how access restrictions are applied in continuous programs, but it’s important to understand that these program-specific requirements apply on a case-by-case basis and do not affect your overall PTaaS eligibility on the platform.
Exclusion Criteria
Researchers may be excluded from participating in PTaaS Pentest Programs if they violate Intigriti’s Researcher Terms & Conditions or Code of Conduct. This also applies to instances of explicitly unprofessional behaviour directed toward Intigriti staff or customers.
In such cases, the researcher’s “Eligible for PTaaS” status may be revoked, restricting access to future PTaaS opportunities.
Depending on the severity of the violation, additional measures may be taken — including temporary suspensions or permanent bans from the platform.
Next Steps
Once you meet the relevant eligibility criteria, your profile will appear in Intigriti’s internal tracking list of qualified researchers for PTaaS. This allows our Pentest Delivery Managers to identify researchers who are ready for upcoming engagements.
As our PTaaS offering continues to grow, we are gradually expanding our team of trusted pentesters. If your profile aligns with an upcoming opportunity, a member of the team will reach out to invite you to apply or participate in a relevant engagement.
There’s no need to reapply or reach out proactively — just keep doing great work on the platform, and we’ll be in touch when the time is right.