1

Bounty Jobs (NOW HIRING)

About the Role: We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty ...

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...

Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...

Space Control Trainer

Colorado Springs, CO · On-site

$13 - $15.75/hr

... and Bounty Hunter (BH) Mission Qualification Training as assigned Develop, validate, standardize, and review training products to include lessons plans, scripts, visual aids, and input cards ...

Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions

next page

Showing results 1-20

Bounty information

See salary details

$41.5K

$86.5K

$200K

How much do bounty jobs pay per year?

As of Jul 8, 2026, the average yearly pay for bounty in the United States is $86,486.00, according to ZipRecruiter salary data. Most workers in this role earn between $49,000.00 and $82,000.00 per year, depending on experience, location, and employer.

What are 'bounty' jobs?

Bounty jobs are tasks or projects posted by individuals or organizations offering a reward—called a 'bounty'—to anyone who completes them successfully. These jobs are common in areas like software development, cybersecurity, and bug hunting, where companies seek help from the public to solve specific problems or find vulnerabilities. Bounty jobs provide a way for freelancers and independent professionals to earn money by applying their skills to targeted challenges. The size of the bounty typically depends on the complexity and urgency of the task. Participants are usually paid only if they are the first to provide a satisfactory solution.

What is a Bounty job?

A Bounty job is a task or project where individuals or companies offer a financial reward for completing specific work, often in areas like cybersecurity, programming, design, or research. These jobs are typically open to freelancers or independent workers who compete to complete the task successfully. Payment is usually made only when the work meets predefined criteria. Bounty jobs are common in bug bounty programs, open-source development, and competitive freelancing.

What is the difference between Bounty vs Freelancer?

AspectBountyFreelancer
CredentialsTypically no formal credentials required; focus on task completionVaries; often requires specific skills or certifications
Work EnvironmentProject-based, often on platforms or company sitesRemote or on-site, flexible project work
Employer UsageCompanies post bounty tasks for specific rewardsClients hire freelancers for diverse projects
Search & ComparisonOften searched together for task-based workCompared for freelance opportunities

While both Bounty and Freelancer involve project-based work, Bounty typically refers to specific reward-based tasks often posted on platforms, whereas Freelancer encompasses a broader range of freelance projects across various industries. Understanding these differences helps job seekers find the right opportunities based on their skills and work preferences.

What is the 70 30 rule in hiring?

The 70/30 rule in hiring suggests that 70% of a candidate's evaluation should focus on skills, experience, and qualifications, while 30% should consider cultural fit and soft skills. For roles like Bounty, balancing technical ability with adaptability and teamwork is essential during the hiring process.

How do bounty jobs work?

Bounty jobs involve completing specific tasks or challenges for a reward, often in fields like cybersecurity, software development, or online marketplaces. Workers typically receive payment after verifying task completion, and some roles require skills in problem-solving, technical tools, or certifications. The process usually includes task assignment, work submission, and payment confirmation.

How much can you earn from bounty jobs?

Bounty jobs typically offer earnings based on the specific task or project, with payouts ranging from a few dollars for simple tasks to several thousand dollars for complex or high-value projects. Earnings depend on the skill required, the platform, and the scope of work, with some bounty hunters earning a significant income through multiple successful tasks.

Do I pay a headhunter to find me a job?

In most cases, bounty roles or similar positions do not require paying a headhunter or recruiter. Employers typically pay recruiters a fee if they successfully place a candidate, so job seekers usually do not pay upfront or directly to headhunters. However, it is important to verify the legitimacy of any recruiting agency before sharing personal information or paying fees.

What are some common challenges faced by professionals working in bounty programs, and how can they be addressed?

Professionals participating in bounty programs, such as bug bounty hunters or security researchers, often face challenges like stiff competition, rapidly changing technology landscapes, and varying quality of scope documentation. To address these, it’s important to stay updated with the latest security trends, engage with the community to share knowledge, and thoroughly review each program’s rules and scope before beginning work. Effective communication with program managers and maintaining detailed, clear reports can also improve the chances of successful submissions and recognition.

What are the key skills and qualifications needed to thrive as a Bounty Hunter, and why are they important?

To thrive as a Bounty Hunter, you need a solid understanding of law enforcement practices, investigative techniques, and typically a background in criminal justice or relevant licensure where required. Familiarity with surveillance equipment, databases for tracking fugitives, and sometimes firearms certification are commonly necessary. Strong soft skills include persistence, negotiation, discretion, and the ability to remain calm under pressure. These skills ensure the safe, legal, and effective apprehension of fugitives, while maintaining personal safety and professional standards.
More about Bounty jobs
What cities are hiring for Bounty jobs? Cities with the most Bounty job openings:
What states have the most Bounty jobs? States with the most job openings for Bounty jobs include:

Security Engineer

Etherfi

New York, NY • On-site

Full-time

Re-posted 25 days ago


Job description

About the Role:
We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty submission before lunch.This is a hands-on, builder-first role - not a governance checkbox. You'll own security operations end-to-end, embedded directly into the engineering team and working closely with infrastructure, protocol and platform.
If you treat threat modeling as a design conversation and not a compliance exercise, you're our kind of person. You should only apply for this role if you are ready to come into the office every day and work in person with our team!
What You'll Do:
Security Operations
Own day-to-day security operations: monitoring, alerting, triage, and response
Manage and monitor endpoint security via an EDR system - tune detections, investigate alerts, and drive incidents to resolution
Lead identity lifecycle management, including employee onboarding and off boarding (access provisioning, key rotation, deprovisioning)
Bug Bounty & Vulnerability Management
Be the primary owner of our ImmuneFi program - triaging, reproducing, and responding to incoming submissions daily
Prioritize and track vulnerabilities through to remediation in close collaboration with protocol and engineering teams
Develop internal tooling and processes to make the bounty workflow faster and more consistent
DevSecOps & Pipeline Hardening
Audit and harden CI/CD pipelines - secrets management, supply chain integrity, SAST/DAST integration, build provenance
Own dependency security: identify and remediate vulnerable packages across repositories (yes, including the npm dependency hell)
Establish and enforce security standards across the SDLC
Infrastructure Security
Partner with the infrastructure team to review and harden cloud environments (access controls, network segmentation, least privilege, logging)
Contribute to threat modeling for new systems and architectural changes
Drive implementation of security tooling across the stack
Vendor & External Partner Management
Own relationships with external security vendors and service providers - holding them accountable toSLAs, managing scope, and ensuring findings are actioned
Evaluate and onboard new security tooling as the team and threat landscape evolve
What We're Looking For:
5-8+ years of experience in software and security engineering, with meaningful time in a DevSecOps or security operations context
Strong software engineering fundamentals - you're a builder who writes code, not just policy
Hands-on experience hardening CI/CD pipelines (GitHub Actions, CircleCI, or similar) and cloud infrastructure (AWS, GCP, or equivalent)
Proficiency with endpoint security tooling (CrowdStrike or equivalent EDR)
Comfort owning identity and access management processes, including onboarding/offboarding workflows
Strong communication skills - you can write a clear triage report, give direct feedback to a developer and explain risk to a non-technical stakeholder
Nice to Have:
You were a traditional software engineer before specializing in security
Prior experience at a DeFi protocol, crypto exchange, or blockchain infrastructure company
CTF/security competition background
Contributions to open-source security tooling
What Success Looks Like:
In your first 90 days, you've mapped our attack surface, established a daily rhythm on ImmuneFi, and shipped at least a few meaningful PRs across the full stack. Within six months, you've built enough trust in the team that engineers come to you before shipping sensitive PRs, not after.