The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...
The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...
They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month contract engagement, where the engineer will be responsible for triaging vulnerability reports and ...
They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month contract engagement, where the engineer will be responsible for triaging vulnerability reports and ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
AWS Bug Bounty has a diverse set of customers: service owners and engineers, security leadership as well as our external crowd of researchers Strong communication skills are required when providing ...
AWS Bug Bounty has a diverse set of customers: service owners and engineers, security leadership as well as our external crowd of researchers Strong communication skills are required when providing ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
AWS Bug Bounty has a diverse set of customers: service owners and engineers, security leadership as well as our external crowd of researchers Strong communication skills are required when providing ...
AWS Bug Bounty has a diverse set of customers: service owners and engineers, security leadership as well as our external crowd of researchers Strong communication skills are required when providing ...
Technical Program Manager, Bug Bounty
Seattle, WA · On-site
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
Seattle, WA · On-site
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Product Security Engineer
Lehi, UT · On-site
$67.61 - $84.51/hr
Triage incoming vulnerability reports from the bug bounty platform, assess validity, impact, and scope. * Assign CVSS scores and severity ratings following internal guidelines and industry standards.
Quick apply
Product Security Engineer
Lehi, UT · On-site
$67.61 - $84.51/hr
Triage incoming vulnerability reports from the bug bounty platform, assess validity, impact, and scope. * Assign CVSS scores and severity ratings following internal guidelines and industry standards.
Product Security Engineer
Lehi, UT · On-site
We are seeking a Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for external ...
Product Security Engineer
Lehi, UT · On-site
We are seeking a Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for external ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels. * Independently validate, reproduce ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels. * Independently validate, reproduce ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Vulnerability Engineer
$117K - $160K/yr
You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.
Senior Vulnerability Engineer
$117K - $160K/yr
You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Quick apply
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Staff+ Application Security Engineer
San Francisco, CA · On-site +1
$320K - $485K/yr
Evolve a public bug bounty program where automation handles routine triage and root-cause work, and engineers handle escalations and corner cases * Partner with Product, Infrastructure, and Research ...
Staff+ Application Security Engineer
San Francisco, CA · On-site +1
$320K - $485K/yr
Evolve a public bug bounty program where automation handles routine triage and root-cause work, and engineers handle escalations and corner cases * Partner with Product, Infrastructure, and Research ...
Lead the end to end technical onboarding and configuration of Bug Bounty, Vulnerability Disclosure, Red team and pentest programs for new and existing customers. * Translate customer security ...
Lead the end to end technical onboarding and configuration of Bug Bounty, Vulnerability Disclosure, Red team and pentest programs for new and existing customers. * Translate customer security ...
Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives * AI/LLM Probing: Perform initial prompt injection and jailbreak ...
Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives * AI/LLM Probing: Perform initial prompt injection and jailbreak ...
Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives * AI/LLM Probing: Perform initial prompt injection and jailbreak ...
Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives * AI/LLM Probing: Perform initial prompt injection and jailbreak ...
Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...
Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...
Senior Product Security Engineer
OR · On-site +1
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Senior Product Security Engineer
OR · On-site +1
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Bug Bounty information
See salary details
$12.98 - $14.16
2% of jobs
$14.16 - $15.34
4% of jobs
$15.34 - $16.52
7% of jobs
$17.55 is the 25th percentile. Wages below this are outliers.
$16.52 - $17.70
13% of jobs
$17.70 - $18.88
19% of jobs
The median wage is $19.22 / hr.
$18.88 - $20.06
15% of jobs
$20.06 - $21.24
12% of jobs
$21.54 is the 75th percentile. Wages above this are outliers.
$21.24 - $22.42
11% of jobs
$22.42 - $23.60
9% of jobs
$23.60 - $24.78
7% of jobs
$24.78 - $25.96
1% of jobs
$12
$20
$25
How much do bug bounty jobs pay per hour?
What are the typical daily responsibilities of someone participating in bug bounty programs?
As a bug bounty professional, your daily activities often involve researching target applications, actively probing for vulnerabilities using automated tools and manual techniques, and documenting your findings in detailed reports. You may spend significant time reproducing and validating security issues before responsibly disclosing them to the organization via official bug bounty platforms. Collaboration is usually asynchronous, with occasional interactions with in-house security teams for clarification or follow-up on reported issues. Managing your workflow and keeping up with evolving security trends are also essential parts of the job, ensuring your findings remain thorough and relevant.
Is AI killing bug bounty?
How do I get into bug bounty?
What are the key skills and qualifications needed to thrive in the Bug Bounty position, and why are they important?
To thrive as a Bug Bounty professional, you need a strong understanding of web application security, programming languages, and vulnerability assessment methodologies. Familiarity with tools such as Burp Suite, OWASP ZAP, and various penetration testing frameworks, as well as certifications like OSCP or CEH, is highly valued. Persistence, attention to detail, and effective written communication are essential soft skills in this role. These competencies enable professionals to discover, document, and report security flaws accurately, helping organizations improve their cyber defenses.
What is a Bug Bounty job?
A Bug Bounty job involves finding and reporting security vulnerabilities in software, websites, or systems in exchange for monetary rewards. Companies run bug bounty programs to leverage ethical hackers' skills in identifying potential threats before malicious hackers can exploit them. Bug bounty hunters typically work as independent security researchers and submit vulnerability reports to organizations through platforms like HackerOne, Bugcrowd, or Synack. Payments vary based on the severity of the discovered flaw, with critical vulnerabilities earning the highest rewards.
Can bug bounty be a career?
How much does a bug bounty make?

Job description
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
About Stripe
Sourced by ZipRecruiter
Industry
Software development
Company size
1,001 - 5,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2010