1

Bug Bounty Manager Jobs (NOW HIRING)

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Technical Program Manager, Bug Bounty

Seattle, WA · On-site

$146K - $190K/yr

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Key job responsibilities - Researching, reproducing, and responding to security issues reported through the bug bounty program - Technical Escalation - Managing relationships with external security ...

Key job responsibilities - Researching, reproducing, and responding to security issues reported through the bug bounty program - Technical Escalation - Managing relationships with external security ...

Product Security Engineer

Lehi, UT · On-site

$67.61 - $84.51/hr

Triage incoming vulnerability reports from the bug bounty platform, assess validity, impact, and ... Communicate with external researchers to request clarifications, provide status updates, and manage ...

Strategic Bug Bounty Management: Oversee the organization's bug bounty program, identifying trends in submissions to suggest broad architectural security changes. Qualifications Twilio values diverse ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Vulnerability Engineer

$117K - $160K/yr

Correlate red team, penetration testing, and bug bounty findings with vulnerability data to identify systemic weaknesses Requirements * 5-8+ years of experience in vulnerability management, security ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...

next page

Showing results 1-20

Bug Bounty Manager information

What does a typical week look like for a Bug Bounty Manager in terms of responsibilities and collaboration?

A Bug Bounty Manager typically spends the week overseeing vulnerability reports, coordinating with security researchers, and prioritizing remediation efforts with engineering teams. They review incoming submissions, validate findings, and communicate with both internal stakeholders and external participants to ensure clear understanding and timely resolution of issues. Collaboration is key in this role, as managers often work closely with developers, legal, and compliance teams to align on security priorities and program updates. Additionally, they may analyze program metrics and provide feedback to improve the bounty process.

What are the key skills and qualifications needed to thrive as a Bug Bounty Manager, and why are they important?

To thrive as a Bug Bounty Manager, you need expertise in cybersecurity, vulnerability management, and a solid understanding of software development, typically supported by a degree in computer science or related field. Familiarity with bug bounty platforms (such as HackerOne or Bugcrowd), vulnerability tracking tools, and relevant certifications like CISSP or CEH is important. Strong communication, analytical thinking, and stakeholder management skills help you coordinate between security researchers and internal teams. These skills ensure effective vulnerability reporting, timely remediation, and the overall security posture of the organization.

What are Bug Bounty Managers?

Bug Bounty Managers are professionals responsible for overseeing bug bounty programs, which incentivize security researchers to find and report vulnerabilities in a company's software or systems. They coordinate the design, implementation, and management of these programs, ensuring that reported issues are validated, prioritized, and addressed efficiently. Bug Bounty Managers also communicate with security researchers, internal security teams, and stakeholders to improve the organization's security posture. Their role is crucial in fostering a collaborative relationship between the organization and the security community.

What is the difference between Bug Bounty Manager vs Security Analyst?

AspectBug Bounty ManagerSecurity Analyst
Required CredentialsCertifications like OSCP, CEH, or CISSP; experience in bug bounty programsCertifications such as CISSP, GIAC, or CEH; strong knowledge of security protocols
Work EnvironmentFocus on managing bug bounty programs, coordinating with researchers, and analyzing reportsMonitoring security systems, conducting vulnerability assessments, and incident response
Employer & Industry UsageTech companies, cybersecurity firms, organizations running bug bounty programsCorporate security teams, government agencies, consulting firms

The Bug Bounty Manager primarily oversees bug bounty initiatives, managing researcher collaborations and triaging reports. In contrast, a Security Analyst focuses on analyzing security threats, conducting assessments, and maintaining overall security posture. Both roles require security certifications and a strong understanding of vulnerabilities, but their daily tasks and focus areas differ significantly.

More about Bug Bounty Manager jobs
What cities are hiring for Bug Bounty Manager jobs? Cities with the most Bug Bounty Manager job openings:
What are the most commonly searched types of Bug Bounty jobs? The most popular types of Bug Bounty jobs are:
What states have the most Bug Bounty Manager jobs? States with the most job openings for Bug Bounty Manager jobs include:
What job categories do people searching Bug Bounty Manager jobs look for? The top searched job categories for Bug Bounty Manager jobs are:
Infographic showing various Bug Bounty Manager job openings in the United States as of July 2026, with employment types broken down into 7% Locum Tenens, 1% Internship, 66% Full Time, 6% Part Time, 1% Nights, and 19% Summer. Highlights an 87% Physical, 1% Hybrid, and 12% Remote job distribution.
Product Security Engineer - Bug Bounty

Product Security Engineer - Bug Bounty

Ursus, Inc.

Lehi, UT • On-site

Full-time

Posted 5 days ago


Job description

Job Summary:
Ursus, Inc. is a staffing agency representing a global leader in creative software, offering innovative tools for digital media creation, design, and marketing. They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month contract engagement, where the engineer will be responsible for triaging vulnerability reports and coordinating with internal teams for remediation.
Responsibilities:
• Triage incoming vulnerability reports submitted via the bug bounty platform, assessing validity, impact, and scope.
• Assign CVSS scores and severity ratings accurately, following internal severity guidelines and industry standards.
• Reproduce proof-of-concept (PoC) exploits to validate reported vulnerabilities across web, API, and mobile surfaces.
• Communicate clearly and professionally with external researchers: request clarifications, provide status updates, and manage expectations.
• Coordinate with product engineering teams to route confirmed vulnerabilities for remediation.
• Identify duplicate, out-of-scope, or informational reports and close them with clear, respectful explanations.
• Contribute to internal documentation, triage runbooks, and severity calibration guidelines.
• Flag systemic or critical findings to Bug Bounty team for escalation as needed.
Qualifications:
Required:
• 3+ years of experience in application security, penetration testing, or a bug bounty/vulnerability disclosure role.
• Strong understanding of CVSS v3.1 scoring and hands-on experience applying it to real-world vulnerabilities.
• Proficiency in common web vulnerability classes: XSS, SQL injection, SSRF, IDOR, authentication flaws, and business logic issues.
• Ability to reproduce and validate PoC exploits using tools such as Burp Suite, browser DevTools, curl, and custom scripts.
• Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd) and responsible disclosure processes.
• Solid written communication skills — able to write clear, constructive responses to researchers of all skill levels.
• Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.
• Knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.
Preferred:
• Experience with cloud environments (AWS, Azure, GCP) and API security testing.
• Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.
• Prior participation in bug bounty programs as a researcher.
• Familiarity with OWASP Top 10, CWE taxonomy, and CVE assignment processes.
• Background working within a large enterprise or SaaS security organization.
Company:
Ursus, Inc., has been recognized by Staffing Industry Analysts (SIA) for four consecutive years as the fastest-growing technical and creative staffing firm in the United States. Founded in 2015, the company is headquartered in San Francisco, USA, with a team of 201-500 employees. The company is currently Growth Stage.

Ursus logo

About Ursus

Sourced by ZipRecruiter

Ursus is a recognized leader in providing technical and creative staffing solutions. Hyper - focused on you - ( the candidate, the client, the partner, the employee ) and how to make your engagement with us the best possible experience it can be while delivering results. Whether you are looking for your next career move, scaling a growing team, adding a trusted partner to your staffing program or completing a project, we’re here for U!

Industry

Recruiting and staffing services

Company size

11 - 50 Employees

Headquarters location

Morgan Hill, CA, US

Year founded

2015