They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month ... manage expectations. • Coordinate with product engineering teams to route confirmed ...
They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month ... manage expectations. • Coordinate with product engineering teams to route confirmed ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
Seattle, WA · On-site
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
Seattle, WA · On-site
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Key job responsibilities - Researching, reproducing, and responding to security issues reported through the bug bounty program - Technical Escalation - Managing relationships with external security ...
Key job responsibilities - Researching, reproducing, and responding to security issues reported through the bug bounty program - Technical Escalation - Managing relationships with external security ...
Key job responsibilities - Researching, reproducing, and responding to security issues reported through the bug bounty program - Technical Escalation - Managing relationships with external security ...
Key job responsibilities - Researching, reproducing, and responding to security issues reported through the bug bounty program - Technical Escalation - Managing relationships with external security ...
Product Security Engineer, Bug Bounty: 26-01903
Lehi, UT · On-site
$75 - $80/hr
Proven experience in bug bounty or vulnerability disclosure. * Strong command of CVSS scoring and ... Experience in software security and vulnerability management is preferred for this position. ABOUT ...
Product Security Engineer, Bug Bounty: 26-01903
Lehi, UT · On-site
$75 - $80/hr
Proven experience in bug bounty or vulnerability disclosure. * Strong command of CVSS scoring and ... Experience in software security and vulnerability management is preferred for this position. ABOUT ...
Product Security Engineer
Lehi, UT · On-site
$67.61 - $84.51/hr
Triage incoming vulnerability reports from the bug bounty platform, assess validity, impact, and ... Communicate with external researchers to request clarifications, provide status updates, and manage ...
Quick apply
Product Security Engineer
Lehi, UT · On-site
$67.61 - $84.51/hr
Triage incoming vulnerability reports from the bug bounty platform, assess validity, impact, and ... Communicate with external researchers to request clarifications, provide status updates, and manage ...
Product Security Engineer
Lehi, UT · On-site
We are seeking a Product Security Engineer to support our Bug Bounty program on a 6-month contract ... and manage expectations. * Coordinate with product engineering teams to route confirmed ...
Product Security Engineer
Lehi, UT · On-site
We are seeking a Product Security Engineer to support our Bug Bounty program on a 6-month contract ... and manage expectations. * Coordinate with product engineering teams to route confirmed ...
Technical Program Manager, Security Vulnerability Management
Seattle, WA · On-site +1
$146K - $178K/yr
Manage the Bug Bounty Program from intake through remediation and disclosure. Manage the bug bounty tool and vendor relationship. * Measure and improve upon the Bug Bounty Program effectiveness ...
Technical Program Manager, Security Vulnerability Management
Seattle, WA · On-site +1
$146K - $178K/yr
Manage the Bug Bounty Program from intake through remediation and disclosure. Manage the bug bounty tool and vendor relationship. * Measure and improve upon the Bug Bounty Program effectiveness ...
Strategic Bug Bounty Management: Oversee the organization's bug bounty program, identifying trends in submissions to suggest broad architectural security changes. Qualifications Twilio values diverse ...
Strategic Bug Bounty Management: Oversee the organization's bug bounty program, identifying trends in submissions to suggest broad architectural security changes. Qualifications Twilio values diverse ...
Technical Program Manager, Security Vulnerability Management
Seattle, WA · Remote
$146K - $178K/yr
Manage the Bug Bounty Program from intake through remediation and disclosure. Manage the bug bounty tool and vendor relationship. * Measure and improve upon the Bug Bounty Program effectiveness ...
Technical Program Manager, Security Vulnerability Management
Seattle, WA · Remote
$146K - $178K/yr
Manage the Bug Bounty Program from intake through remediation and disclosure. Manage the bug bounty tool and vendor relationship. * Measure and improve upon the Bug Bounty Program effectiveness ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels. * Independently validate, reproduce ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels. * Independently validate, reproduce ...
Lead the end to end technical onboarding and configuration of Bug Bounty, Vulnerability Disclosure ... Collaborate closely with the Customer Relationship Managers and sales teams to align technical ...
Lead the end to end technical onboarding and configuration of Bug Bounty, Vulnerability Disclosure ... Collaborate closely with the Customer Relationship Managers and sales teams to align technical ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Vulnerability Engineer
$117K - $160K/yr
Correlate red team, penetration testing, and bug bounty findings with vulnerability data to identify systemic weaknesses Requirements * 5-8+ years of experience in vulnerability management, security ...
Senior Vulnerability Engineer
$117K - $160K/yr
Correlate red team, penetration testing, and bug bounty findings with vulnerability data to identify systemic weaknesses Requirements * 5-8+ years of experience in vulnerability management, security ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Quick apply
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Staff+ Application Security Engineer
San Francisco, CA · On-site +1
$320K - $485K/yr
Prior ownership of a bug bounty program, vulnerability disclosure program, or vulnerability-management infrastructure at scale * Background building security automation or developer-facing security ...
Staff+ Application Security Engineer
San Francisco, CA · On-site +1
$320K - $485K/yr
Prior ownership of a bug bounty program, vulnerability disclosure program, or vulnerability-management infrastructure at scale * Background building security automation or developer-facing security ...
Senior Product Security Engineer
OR · On-site +1
Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...
Senior Product Security Engineer
OR · On-site +1
Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...
Bug Bounty Manager information
What does a typical week look like for a Bug Bounty Manager in terms of responsibilities and collaboration?
What are the key skills and qualifications needed to thrive as a Bug Bounty Manager, and why are they important?
What are Bug Bounty Managers?
What is the difference between Bug Bounty Manager vs Security Analyst?
| Aspect | Bug Bounty Manager | Security Analyst |
|---|---|---|
| Required Credentials | Certifications like OSCP, CEH, or CISSP; experience in bug bounty programs | Certifications such as CISSP, GIAC, or CEH; strong knowledge of security protocols |
| Work Environment | Focus on managing bug bounty programs, coordinating with researchers, and analyzing reports | Monitoring security systems, conducting vulnerability assessments, and incident response |
| Employer & Industry Usage | Tech companies, cybersecurity firms, organizations running bug bounty programs | Corporate security teams, government agencies, consulting firms |
The Bug Bounty Manager primarily oversees bug bounty initiatives, managing researcher collaborations and triaging reports. In contrast, a Security Analyst focuses on analyzing security threats, conducting assessments, and maintaining overall security posture. Both roles require security certifications and a strong understanding of vulnerabilities, but their daily tasks and focus areas differ significantly.

Job description
Ursus, Inc. is a staffing agency representing a global leader in creative software, offering innovative tools for digital media creation, design, and marketing. They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month contract engagement, where the engineer will be responsible for triaging vulnerability reports and coordinating with internal teams for remediation.
Responsibilities:
• Triage incoming vulnerability reports submitted via the bug bounty platform, assessing validity, impact, and scope.
• Assign CVSS scores and severity ratings accurately, following internal severity guidelines and industry standards.
• Reproduce proof-of-concept (PoC) exploits to validate reported vulnerabilities across web, API, and mobile surfaces.
• Communicate clearly and professionally with external researchers: request clarifications, provide status updates, and manage expectations.
• Coordinate with product engineering teams to route confirmed vulnerabilities for remediation.
• Identify duplicate, out-of-scope, or informational reports and close them with clear, respectful explanations.
• Contribute to internal documentation, triage runbooks, and severity calibration guidelines.
• Flag systemic or critical findings to Bug Bounty team for escalation as needed.
Qualifications:
Required:
• 3+ years of experience in application security, penetration testing, or a bug bounty/vulnerability disclosure role.
• Strong understanding of CVSS v3.1 scoring and hands-on experience applying it to real-world vulnerabilities.
• Proficiency in common web vulnerability classes: XSS, SQL injection, SSRF, IDOR, authentication flaws, and business logic issues.
• Ability to reproduce and validate PoC exploits using tools such as Burp Suite, browser DevTools, curl, and custom scripts.
• Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd) and responsible disclosure processes.
• Solid written communication skills — able to write clear, constructive responses to researchers of all skill levels.
• Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.
• Knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.
Preferred:
• Experience with cloud environments (AWS, Azure, GCP) and API security testing.
• Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.
• Prior participation in bug bounty programs as a researcher.
• Familiarity with OWASP Top 10, CWE taxonomy, and CVE assignment processes.
• Background working within a large enterprise or SaaS security organization.
Company:
Ursus, Inc., has been recognized by Staffing Industry Analysts (SIA) for four consecutive years as the fastest-growing technical and creative staffing firm in the United States. Founded in 2015, the company is headquartered in San Francisco, USA, with a team of 201-500 employees. The company is currently Growth Stage.
About Ursus
Sourced by ZipRecruiter
Ursus is a recognized leader in providing technical and creative staffing solutions. Hyper - focused on you - ( the candidate, the client, the partner, the employee ) and how to make your engagement with us the best possible experience it can be while delivering results. Whether you are looking for your next career move, scaling a growing team, adding a trusted partner to your staffing program or completing a project, we’re here for U!
Industry
Recruiting and staffing services
Company size
11 - 50 Employees
Headquarters location
Morgan Hill, CA, US
Year founded
2015