About the team In this role, you'll join Stripe's Vulnerability Management team, whose mission is ... The bug bounty program is an important pillar of this mission, acting as a critical line of defense ...
About the team In this role, you'll join Stripe's Vulnerability Management team, whose mission is ... The bug bounty program is an important pillar of this mission, acting as a critical line of defense ...
Evaluate SAST/DAST findings and manage issues in Jira. * Validate bug bounty vulnerabilities. * Translate business requirements into technical specifications. * Troubleshoot complex issues and ...
Evaluate SAST/DAST findings and manage issues in Jira. * Validate bug bounty vulnerabilities. * Translate business requirements into technical specifications. * Troubleshoot complex issues and ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels. * Independently validate, reproduce ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels. * Independently validate, reproduce ...
In this role, you will collaborate with Engineering, Product, and Security teams to coordinate and manage product security testing, handle bug bounty reports, and publish Security Testing Reports to ...
In this role, you will collaborate with Engineering, Product, and Security teams to coordinate and manage product security testing, handle bug bounty reports, and publish Security Testing Reports to ...
Product Security Engineer
San Jose, CA · On-site
In this role, you will collaborate with Engineering, Product, and Security teams to coordinate and manage product security testing, handle bug bounty reports, and publish Security Testing Reports to ...
Product Security Engineer
San Jose, CA · On-site
In this role, you will collaborate with Engineering, Product, and Security teams to coordinate and manage product security testing, handle bug bounty reports, and publish Security Testing Reports to ...
Senior Vulnerability Engineer
$117K - $160K/yr
Correlate red team, penetration testing, and bug bounty findings with vulnerability data to identify systemic weaknesses Requirements * 5-8+ years of experience in vulnerability management, security ...
Senior Vulnerability Engineer
$117K - $160K/yr
Correlate red team, penetration testing, and bug bounty findings with vulnerability data to identify systemic weaknesses Requirements * 5-8+ years of experience in vulnerability management, security ...
Lead the overall Security Product Engineering, Bug Bounty and Mythos era Vulnerability Management direction and roadmap execution. * Coach and mentor highly skilled engineers as a "player-coach ...
Lead the overall Security Product Engineering, Bug Bounty and Mythos era Vulnerability Management direction and roadmap execution. * Coach and mentor highly skilled engineers as a "player-coach ...
Triage and manage the bug bounty program: read incoming submissions daily, reproduce valid findings, separate signal from noise, assign severity, and route confirmed issues to engineering with enough ...
New
Triage and manage the bug bounty program: read incoming submissions daily, reproduce valid findings, separate signal from noise, assign severity, and route confirmed issues to engineering with enough ...
New
Senior Product Security Engineer
OR · On-site +1
Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...
Senior Product Security Engineer
OR · On-site +1
Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...
Member of Technical Staff (Software Engineer, Security)
New York, NY · On-site +1
$220K - $405K/yr
Experience operating or contributing to bug bounty or vulnerability management programs is a plus. * Familiarity with cloud infrastructure (AWS preferred) and modern SaaS environments. * Ability to ...
Member of Technical Staff (Software Engineer, Security)
New York, NY · On-site +1
$220K - $405K/yr
Experience operating or contributing to bug bounty or vulnerability management programs is a plus. * Familiarity with cloud infrastructure (AWS preferred) and modern SaaS environments. * Ability to ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... Experience managing a vulnerability pipeline - from discovery through prioritization to verified ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... Experience managing a vulnerability pipeline - from discovery through prioritization to verified ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... Experience managing a vulnerability pipeline - from discovery through prioritization to verified ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... Experience managing a vulnerability pipeline - from discovery through prioritization to verified ...
Senior Product Security Engineer
$117K - $160K/yr
Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...
Senior Product Security Engineer
$117K - $160K/yr
Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...
Security Engineer
New York, NY · On-site
... Bug Bounty & Vulnerability Management Be the primary owner of our ImmuneFi program - triaging, reproducing, and responding to incoming submissions daily Prioritize and track vulnerabilities through ...
Security Engineer
New York, NY · On-site
... Bug Bounty & Vulnerability Management Be the primary owner of our ImmuneFi program - triaging, reproducing, and responding to incoming submissions daily Prioritize and track vulnerabilities through ...
AppSec SME
$60.25 - $80.25/hr
AppSec SME Job Details: * "Create project plan along with communication and risk management plan * Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of the ...
AppSec SME
$60.25 - $80.25/hr
AppSec SME Job Details: * "Create project plan along with communication and risk management plan * Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of the ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
... management) DUTIES: Develop, configure, and maintain automated applications and infrastructure ... Lead and administer the HackerOne bug bounty and vulnerability disclosure program and collaborate ...
... management) DUTIES: Develop, configure, and maintain automated applications and infrastructure ... Lead and administer the HackerOne bug bounty and vulnerability disclosure program and collaborate ...
Bug Bounty Manager information
What does a typical week look like for a Bug Bounty Manager in terms of responsibilities and collaboration?
A Bug Bounty Manager typically spends the week overseeing vulnerability reports, coordinating with security researchers, and prioritizing remediation efforts with engineering teams. They review incoming submissions, validate findings, and communicate with both internal stakeholders and external participants to ensure clear understanding and timely resolution of issues. Collaboration is key in this role, as managers often work closely with developers, legal, and compliance teams to align on security priorities and program updates. Additionally, they may analyze program metrics and provide feedback to improve the bounty process.
What are the key skills and qualifications needed to thrive as a Bug Bounty Manager, and why are they important?
To thrive as a Bug Bounty Manager, you need expertise in cybersecurity, vulnerability management, and a solid understanding of software development, typically supported by a degree in computer science or related field. Familiarity with bug bounty platforms (such as HackerOne or Bugcrowd), vulnerability tracking tools, and relevant certifications like CISSP or CEH is important. Strong communication, analytical thinking, and stakeholder management skills help you coordinate between security researchers and internal teams. These skills ensure effective vulnerability reporting, timely remediation, and the overall security posture of the organization.
What are Bug Bounty Managers?
Bug Bounty Managers are professionals responsible for overseeing bug bounty programs, which incentivize security researchers to find and report vulnerabilities in a company's software or systems. They coordinate the design, implementation, and management of these programs, ensuring that reported issues are validated, prioritized, and addressed efficiently. Bug Bounty Managers also communicate with security researchers, internal security teams, and stakeholders to improve the organization's security posture. Their role is crucial in fostering a collaborative relationship between the organization and the security community.
What is the difference between Bug Bounty Manager vs Security Analyst?
| Aspect | Bug Bounty Manager | Security Analyst |
|---|---|---|
| Required Credentials | Certifications like OSCP, CEH, or CISSP; experience in bug bounty programs | Certifications such as CISSP, GIAC, or CEH; strong knowledge of security protocols |
| Work Environment | Focus on managing bug bounty programs, coordinating with researchers, and analyzing reports | Monitoring security systems, conducting vulnerability assessments, and incident response |
| Employer & Industry Usage | Tech companies, cybersecurity firms, organizations running bug bounty programs | Corporate security teams, government agencies, consulting firms |
The Bug Bounty Manager primarily oversees bug bounty initiatives, managing researcher collaborations and triaging reports. In contrast, a Security Analyst focuses on analyzing security threats, conducting assessments, and maintaining overall security posture. Both roles require security certifications and a strong understanding of vulnerabilities, but their daily tasks and focus areas differ significantly.
More about Bug Bounty Manager jobs
What cities are hiring for Bug Bounty Manager jobs? Cities with the most Bug Bounty Manager job openings:
What are the most commonly searched types of Bug Bounty jobs? The most popular types of Bug Bounty jobs are:
What states have the most Bug Bounty Manager jobs? States with the most job openings for Bug Bounty Manager jobs include:
What job categories do people searching Bug Bounty Manager jobs look for? The top searched job categories for Bug Bounty Manager jobs are:
Job description
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
About Stripe
Sourced by ZipRecruiter
Industry
Software development
Company size
1,001 - 5,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2010