Bug Bounty Jobs (NOW HIRING)

The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do: We seek a highly technical and detail-oriented ...

Validate bug bounty vulnerabilities. * Translate business requirements into technical specifications. * Troubleshoot complex issues and support Engineering teams. * Document designs, processes, and ...

Review, verify, and reproduce AI-related penetration testing and bug bounty submissions, including distinguishing genuine AI risks from false positives. Define AI testing scope for penetration ...

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Vulnerability Engineer

$117K - $160K/yr

You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

... from triaging bug bounty submissions to driving remediation efforts with engineering teams. • Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing ...

Senior Product Security Engineer

$117K - $160K/yr

... from triaging bug bounty submissions to driving remediation efforts with engineering teams. • Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing ...

With a growing engineering org, an active bug bounty program fielding 30+ open submissions at any given time, and products going live across smart contracts, backend services, and infrastructure ...

Sr. Application Security Engineer

Redmond, WA · On-site

$65.75 - $88/hr

In this role, you will assess security issues, provide design feedback to developers, and ensure customer data protection while monitoring bug bounty submissions. Responsibilities : • Design and ...

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...

In this role, you will stay on top of emerging threats, from 0-days and active exploitation campaigns to bug bounty findings and customer-reported issues, and rapidly determine their relevance and ...

Senior Product Security Engineer

$117K - $160K/yr

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...

Experience in Red Teaming and bug bounty programs preferred. Ideal Candidate: 5-8 years of security testing experience; proven ability to mentor teams and implement enterprise security solutions.

Bug Bounty information

How much do bug bounty jobs pay per hour?

As of Jun 23, 2026, the average hourly pay for bug bounty in the United States is $20.98, according to ZipRecruiter salary data. Most workers in this role earn between $17.31 and $22.12 per hour, depending on experience, location, and employer.

What does bug mean?

In the context of a bug bounty role, a bug refers to a security vulnerability or flaw in software or a website that could be exploited by attackers. Bug bounty programs reward security researchers for identifying and responsibly reporting these issues, often requiring skills in testing, analysis, and familiarity with tools like penetration testing frameworks.

What are the typical daily responsibilities of someone participating in bug bounty programs?

As a bug bounty professional, your daily activities often involve researching target applications, actively probing for vulnerabilities using automated tools and manual techniques, and documenting your findings in detailed reports. You may spend significant time reproducing and validating security issues before responsibly disclosing them to the organization via official bug bounty platforms. Collaboration is usually asynchronous, with occasional interactions with in-house security teams for clarification or follow-up on reported issues. Managing your workflow and keeping up with evolving security trends are also essential parts of the job, ensuring your findings remain thorough and relevant.

Is the movie bug worth watching?

The term 'bug' in a job context typically refers to security vulnerabilities identified during bug bounty programs. If you are interested in cybersecurity or bug bounty hunting, watching related movies can provide entertainment but may not offer practical skills. For job seekers, gaining hands-on experience with tools like Burp Suite or participating in bug bounty platforms is more valuable than movies about bugs.

What does bug mean in slang?

In slang, a 'bug' often refers to a hidden listening device or surveillance tool. In the context of bug bounty roles, it can also mean identifying software vulnerabilities or security flaws in applications or systems. Understanding this slang helps security professionals communicate effectively during penetration testing and vulnerability assessments.

What are the key skills and qualifications needed to thrive in the Bug Bounty position, and why are they important?

To thrive as a Bug Bounty professional, you need a strong understanding of web application security, programming languages, and vulnerability assessment methodologies. Familiarity with tools such as Burp Suite, OWASP ZAP, and various penetration testing frameworks, as well as certifications like OSCP or CEH, is highly valued. Persistence, attention to detail, and effective written communication are essential soft skills in this role. These competencies enable professionals to discover, document, and report security flaws accurately, helping organizations improve their cyber defenses.

What is a Bug Bounty job?

A Bug Bounty job involves finding and reporting security vulnerabilities in software, websites, or systems in exchange for monetary rewards. Companies run bug bounty programs to leverage ethical hackers' skills in identifying potential threats before malicious hackers can exploit them. Bug bounty hunters typically work as independent security researchers and submit vulnerability reports to organizations through platforms like HackerOne, Bugcrowd, or Synack. Payments vary based on the severity of the discovered flaw, with critical vulnerabilities earning the highest rewards.

What cleaners do bugs hate?

In bug bounty work, bugs are computer vulnerabilities, not insects, so cleaners are not relevant. However, in cybersecurity, certain cleaning tools like malware removal software can help eliminate malicious code, but they do not 'hate' cleaners. The focus is on identifying and fixing security flaws rather than cleaning products.

Security Analyst, Bug Bounty

Stripe

Remote

Full-time

This job post has expired today. Applications are no longer accepted.


Job description

Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies, from the world's largest enterprises to the most ambitious startups, use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
  • Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
  • Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
  • Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
  • Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
  • Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
  • Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
  • Provide tactical support for vulnerability management triage processes to augment the team as needed
  • Prepare and implement improvements to the overall bug bounty program
  • Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
Who you are
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
  • Proven ability to follow bug reports and accurately triage security vulnerabilities
  • Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
  • Competent in offensive security tools (e.g., Burp Suite, custom scripting)
  • Ability to think like an attacker to understand the impact of vulnerabilities
  • Proficient in clear communication, conveying technical concepts to various stakeholders
  • Experience in one of the following areas
    • Bug bounty program or triaging security vulnerability reports
    • Knowledge of Stripe products and general security expertise
Preferred qualifications
  • Experience in technical support, operations, or similar roles with technical systems exposure
  • Prior participation in or experience with bug bounty programs
  • Experience analyzing source code for security vulnerabilities
  • Proficiency in scripting languages (e.g., Python, Ruby) for automation
  • Familiarity with cloud-based services (e.g., AWS, GCP)
  • Certifications such as OSWA or BSCP