Product Security Engineer
San Jose, CA · On-site
In this role, you will manage product security testing, handle bug bounty reports, and collaborate with various teams to enhance Adobe's security initiatives. Responsibilities : • Support the ...
Product Security Engineer
San Jose, CA · On-site
In this role, you will manage product security testing, handle bug bounty reports, and collaborate with various teams to enhance Adobe's security initiatives. Responsibilities : • Support the ...
Validate bug bounty vulnerabilities. * Translate business requirements into technical specifications. * Troubleshoot complex issues and support Engineering teams. * Document designs, processes, and ...
Validate bug bounty vulnerabilities. * Translate business requirements into technical specifications. * Troubleshoot complex issues and support Engineering teams. * Document designs, processes, and ...
Review, verify, and reproduce AI-related penetration testing and bug bounty submissions, including distinguishing genuine AI risks from false positives. Define AI testing scope for penetration ...
Review, verify, and reproduce AI-related penetration testing and bug bounty submissions, including distinguishing genuine AI risks from false positives. Define AI testing scope for penetration ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels. * Independently validate, reproduce ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels. * Independently validate, reproduce ...
Product Security Engineer
San Jose, CA · On-site
Review, verify, and reproduce AI-related penetration testing and bug bounty submissions, including distinguishing genuine AI risks from false positives. Define AI testing scope for penetration ...
Product Security Engineer
San Jose, CA · On-site
Review, verify, and reproduce AI-related penetration testing and bug bounty submissions, including distinguishing genuine AI risks from false positives. Define AI testing scope for penetration ...
Senior Vulnerability Engineer
$117.20K - $160.70K/yr
You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.
Senior Vulnerability Engineer
$117.20K - $160.70K/yr
You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.
Senior Product Security Engineer
San Francisco, CA · On-site
$134.90K - $185K/yr
... from triaging bug bounty submissions to driving remediation efforts with engineering teams. • Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing ...
Senior Product Security Engineer
San Francisco, CA · On-site
$134.90K - $185K/yr
... from triaging bug bounty submissions to driving remediation efforts with engineering teams. • Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing ...
... from triaging bug bounty submissions to driving remediation efforts with engineering teams. • Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing ...
... from triaging bug bounty submissions to driving remediation efforts with engineering teams. • Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing ...
Sr. Application Security Engineer
Redmond, WA · On-site
$65.75 - $88/hr
In this role, you will assess security issues, provide design feedback to developers, and ensure customer data protection while monitoring bug bounty submissions. Responsibilities : • Design and ...
Sr. Application Security Engineer
Redmond, WA · On-site
$65.75 - $88/hr
In this role, you will assess security issues, provide design feedback to developers, and ensure customer data protection while monitoring bug bounty submissions. Responsibilities : • Design and ...
Member of Technical Staff (Software Engineer, Security)
New York, NY · On-site +1
$220K - $405K/yr
Develop and operate systems and workflows that support the bug bounty and vulnerability disclosure program, including intake, triage, prioritization, and remediation tracking. * Partner with product ...
Member of Technical Staff (Software Engineer, Security)
New York, NY · On-site +1
$220K - $405K/yr
Develop and operate systems and workflows that support the bug bounty and vulnerability disclosure program, including intake, triage, prioritization, and remediation tracking. * Partner with product ...
Support Bug Bounty Programs : Participate in and enhance the bug bounty program by validating submissions, providing detailed analysis, and collaborating with researchers and internal stakeholders to ...
Support Bug Bounty Programs : Participate in and enhance the bug bounty program by validating submissions, providing detailed analysis, and collaborating with researchers and internal stakeholders to ...
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
In this role, you will stay on top of emerging threats-from 0-days and active exploitation campaigns to bug bounty findings and customer-reported issues-and rapidly determine their relevance and ...
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
In this role, you will stay on top of emerging threats-from 0-days and active exploitation campaigns to bug bounty findings and customer-reported issues-and rapidly determine their relevance and ...
Senior Application Security Engineer II
$60.25 - $80.25/hr
Manage our bug bounty program including triage, assessing impact, risk scoring (CVSS), helping to locate the vulnerable code, providing mitigation guidance, performing thorough re-testing, and ...
Senior Application Security Engineer II
$60.25 - $80.25/hr
Manage our bug bounty program including triage, assessing impact, risk scoring (CVSS), helping to locate the vulnerable code, providing mitigation guidance, performing thorough re-testing, and ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Penetration Tester
San Francisco, CA · On-site
Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions
Quick apply
Penetration Tester
San Francisco, CA · On-site
Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions
General Application
San Francisco, CA · On-site
Collectively, we've led security at some of the world's largest companies and published AI research at Stanford. * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design ...
General Application
San Francisco, CA · On-site
Collectively, we've led security at some of the world's largest companies and published AI research at Stanford. * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design ...
AppSec SME
$60.25 - $80.25/hr
Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of the network and application penetration testing * Validation of Vulnerabilities for false positive ...
AppSec SME
$60.25 - $80.25/hr
Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of the network and application penetration testing * Validation of Vulnerabilities for false positive ...
Security Engineer
New York, NY · On-site
About the Role: We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty ...
Security Engineer
New York, NY · On-site
About the Role: We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty ...
Senior Security Engineer II, Application Security (Remote Eligible)
$117.20K - $160.70K/yr
Run Bug Bounty Operations: Serve as the expert validation layer for Smartsheet's bug bounty program, reproducing and assessing complex, multi-step researcher submissions requiring authenticated ...
Senior Security Engineer II, Application Security (Remote Eligible)
$117.20K - $160.70K/yr
Run Bug Bounty Operations: Serve as the expert validation layer for Smartsheet's bug bounty program, reproducing and assessing complex, multi-step researcher submissions requiring authenticated ...
Bug Bounty information
See salary details
$12.98 - $14.16
2% of jobs
$14.16 - $15.34
4% of jobs
$15.34 - $16.52
7% of jobs
$17.55 is the 25th percentile. Wages below this are outliers.
$16.52 - $17.70
13% of jobs
$17.70 - $18.88
19% of jobs
The median wage is $19.22 / hr.
$18.88 - $20.06
15% of jobs
$20.06 - $21.24
12% of jobs
$21.54 is the 75th percentile. Wages above this are outliers.
$21.24 - $22.42
11% of jobs
$22.42 - $23.60
9% of jobs
$23.60 - $24.78
7% of jobs
$24.78 - $25.96
1% of jobs
$12
$20
$25
How much do bug bounty jobs pay per hour?
As of May 31, 2026, the average hourly pay for bug bounty in the United States is $20.98, according to ZipRecruiter salary data. Most workers in this role earn between $17.31 and $22.12 per hour, depending on experience, location, and employer.
What is a Bug Bounty job?
A Bug Bounty job involves finding and reporting security vulnerabilities in software, websites, or systems in exchange for monetary rewards. Companies run bug bounty programs to leverage ethical hackers' skills in identifying potential threats before malicious hackers can exploit them. Bug bounty hunters typically work as independent security researchers and submit vulnerability reports to organizations through platforms like HackerOne, Bugcrowd, or Synack. Payments vary based on the severity of the discovered flaw, with critical vulnerabilities earning the highest rewards.
What are the key skills and qualifications needed to thrive in the Bug Bounty position, and why are they important?
To thrive as a Bug Bounty professional, you need a strong understanding of web application security, programming languages, and vulnerability assessment methodologies. Familiarity with tools such as Burp Suite, OWASP ZAP, and various penetration testing frameworks, as well as certifications like OSCP or CEH, is highly valued. Persistence, attention to detail, and effective written communication are essential soft skills in this role. These competencies enable professionals to discover, document, and report security flaws accurately, helping organizations improve their cyber defenses.
What are the typical daily responsibilities of someone participating in bug bounty programs?
As a bug bounty professional, your daily activities often involve researching target applications, actively probing for vulnerabilities using automated tools and manual techniques, and documenting your findings in detailed reports. You may spend significant time reproducing and validating security issues before responsibly disclosing them to the organization via official bug bounty platforms. Collaboration is usually asynchronous, with occasional interactions with in-house security teams for clarification or follow-up on reported issues. Managing your workflow and keeping up with evolving security trends are also essential parts of the job, ensuring your findings remain thorough and relevant.
More about Bug Bounty jobs
What cities are hiring for Bug Bounty jobs? Cities with the most Bug Bounty job openings:
What are the most commonly searched types of Bug Bounty jobs? The most popular types of Bug Bounty jobs are:
What states have the most Bug Bounty jobs? States with the most job openings for Bug Bounty jobs include:
What job categories do people searching Bug Bounty jobs look for? The top searched job categories for Bug Bounty jobs are:
Job description
Job Summary:
Adobe is seeking a dynamic Product Security Engineer to join their expanding team. In this role, you will manage product security testing, handle bug bounty reports, and collaborate with various teams to enhance Adobe's security initiatives.
Responsibilities:
• Support the security testing program’s initiatives to ensure comprehensive testing coverage for all products and collaborate closely with engineering and product teams to define scope, schedule, and successfully complete outsourced penetration tests.
• Review, verify, and reproduce AI-related penetration testing and bug bounty submissions, including distinguishing genuine AI risks from false positives.
• Define AI testing scope for penetration testing and bug bounty programs.
• Drive resolution of security issues through ongoing engagement with engineering teams.
• Capture all relevant data and results from testing to analyze metrics and enhance the effectiveness of security assessments.
• Build Security Testing reports for products to provide transparency into all security testing coverage and results.
• Validate, reproduce, and assess the severity of bug bounty reports, and provide support to product teams on existing issues.
• Communicate directly with external researchers regarding bug bounty reports on reported vulnerabilities.
• Lead initiatives, campaigns, and analytics on vulnerability data and propose initiatives for improvement.
• Triage, validate, and retest security vulnerabilities, and offer mentorship for product teams regarding remediation efforts.
• Develop dashboards in PowerBI to support data-driven analysis and remediation efforts.
Qualifications:
Required:
• Bachelor’s degree or equivalent experience in Computer Science, Engineering, or a related field, with at least 3-5 years of practical experience.
• In-depth knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.
• Strong understanding of common security concepts to support root-cause analysis and enable data-driven decisions on vulnerability patterns and trends.
• Proficiency with JIRA and PowerBI.
• Strong knowledge of LLM (Large Language Model) testing methodologies.
• Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.
• Ability to develop and complete AI-specific test cases.
• Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.
• Experience conducting vulnerability assessments and using Burp Suite.
• Dependability: Shows dedication, works independently, accepts accountability, adapts to change, sets personal standards, and remains focused under pressure.
• Ability to communicate professionally and effectively.
Preferred:
• Experience with automation and scripting is highly desirable.
Company:
Adobe is a software company that provides its users with digital marketing and media solutions. Founded in 1982, the company is headquartered in San Jose, USA, with a team of 10001+ employees. The company is currently Late Stage.
Adobe is seeking a dynamic Product Security Engineer to join their expanding team. In this role, you will manage product security testing, handle bug bounty reports, and collaborate with various teams to enhance Adobe's security initiatives.
Responsibilities:
• Support the security testing program’s initiatives to ensure comprehensive testing coverage for all products and collaborate closely with engineering and product teams to define scope, schedule, and successfully complete outsourced penetration tests.
• Review, verify, and reproduce AI-related penetration testing and bug bounty submissions, including distinguishing genuine AI risks from false positives.
• Define AI testing scope for penetration testing and bug bounty programs.
• Drive resolution of security issues through ongoing engagement with engineering teams.
• Capture all relevant data and results from testing to analyze metrics and enhance the effectiveness of security assessments.
• Build Security Testing reports for products to provide transparency into all security testing coverage and results.
• Validate, reproduce, and assess the severity of bug bounty reports, and provide support to product teams on existing issues.
• Communicate directly with external researchers regarding bug bounty reports on reported vulnerabilities.
• Lead initiatives, campaigns, and analytics on vulnerability data and propose initiatives for improvement.
• Triage, validate, and retest security vulnerabilities, and offer mentorship for product teams regarding remediation efforts.
• Develop dashboards in PowerBI to support data-driven analysis and remediation efforts.
Qualifications:
Required:
• Bachelor’s degree or equivalent experience in Computer Science, Engineering, or a related field, with at least 3-5 years of practical experience.
• In-depth knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.
• Strong understanding of common security concepts to support root-cause analysis and enable data-driven decisions on vulnerability patterns and trends.
• Proficiency with JIRA and PowerBI.
• Strong knowledge of LLM (Large Language Model) testing methodologies.
• Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.
• Ability to develop and complete AI-specific test cases.
• Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.
• Experience conducting vulnerability assessments and using Burp Suite.
• Dependability: Shows dedication, works independently, accepts accountability, adapts to change, sets personal standards, and remains focused under pressure.
• Ability to communicate professionally and effectively.
Preferred:
• Experience with automation and scripting is highly desirable.
Company:
Adobe is a software company that provides its users with digital marketing and media solutions. Founded in 1982, the company is headquartered in San Jose, USA, with a team of 10001+ employees. The company is currently Late Stage.
About Adobe
Sourced by ZipRecruiter
Adobe for All is our vision to advance diversity, equity, and inclusion (DEI) across our company and in our communities. We’re focused on creating a more diverse and inclusive workforce; unleashing the full potential of every employee; and driving meaningful impact for Adobe, our industry, and society at large. Creativity has the power to unite us and inspire us to change the world. Through a vision we call Creativity for All, we’re empowering millions of people of all ages and backgrounds to express themselves, reach their full potential, and share their diverse perspectives with the world. We’re committed to advancing the responsible use of technology and driving a positive environmental impact through sustainability and climate action. Our innovations are making a significant impact across AI ethics, security, privacy, trust and safety, accessibility, and sustainability.
Industry
Computer and computer peripheral equipment and software wholesalers
Company size
10,000+ Employees
Headquarters location
San Jose, CA, US
Year founded
1982