Lead the overall Security Product Engineering, Bug Bounty and Mythos era Vulnerability Management direction and roadmap execution. * Coach and mentor highly skilled engineers as a "player-coach ...
Lead the overall Security Product Engineering, Bug Bounty and Mythos era Vulnerability Management direction and roadmap execution. * Coach and mentor highly skilled engineers as a "player-coach ...
Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...
Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...
Engineer, Production Engineering
San Francisco, CA · On-site
$140K - $320K/yr
Penetration Testing & Bug Bounty: Manage our HackerOne engagement - coordinating pentests, triaging incoming bug bounty reports, and driving remediation. * Product Security: Audit application code ...
Engineer, Production Engineering
San Francisco, CA · On-site
$140K - $320K/yr
Penetration Testing & Bug Bounty: Manage our HackerOne engagement - coordinating pentests, triaging incoming bug bounty reports, and driving remediation. * Product Security: Audit application code ...
Member of Technical Staff (Software Engineer, Security)
New York, NY · On-site +1
$220K - $405K/yr
Experience operating or contributing to bug bounty or vulnerability management programs is a plus. * Familiarity with cloud infrastructure (AWS preferred) and modern SaaS environments. * Ability to ...
Member of Technical Staff (Software Engineer, Security)
New York, NY · On-site +1
$220K - $405K/yr
Experience operating or contributing to bug bounty or vulnerability management programs is a plus. * Familiarity with cloud infrastructure (AWS preferred) and modern SaaS environments. * Ability to ...
Senior Security Engineer
$117K - $160K/yr
... management program across our compute fleet (EC2, containers, and Kubernetes nodes) so ... from bug bounty, third-party pentests, and cloud security posture scans. • Mentor security ...
Senior Security Engineer
$117K - $160K/yr
... management program across our compute fleet (EC2, containers, and Kubernetes nodes) so ... from bug bounty, third-party pentests, and cloud security posture scans. • Mentor security ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Security Engineer
New York, NY · On-site
... Bug Bounty & Vulnerability Management Be the primary owner of our ImmuneFi program - triaging, reproducing, and responding to incoming submissions daily Prioritize and track vulnerabilities through ...
Security Engineer
New York, NY · On-site
... Bug Bounty & Vulnerability Management Be the primary owner of our ImmuneFi program - triaging, reproducing, and responding to incoming submissions daily Prioritize and track vulnerabilities through ...
AppSec SME
$60.25 - $80.25/hr
AppSec SME Job Details: * "Create project plan along with communication and risk management plan * Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of the ...
AppSec SME
$60.25 - $80.25/hr
AppSec SME Job Details: * "Create project plan along with communication and risk management plan * Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of the ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... Experience managing a vulnerability pipeline - from discovery through prioritization to verified ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... Experience managing a vulnerability pipeline - from discovery through prioritization to verified ...
Senior Product Security Engineer
$117K - $160K/yr
Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...
Senior Product Security Engineer
$117K - $160K/yr
Vulnerability Management : Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security ...
Active bug bounty researcher with published findings, CVE credits, or hall of fame recognition. * Penetration testing program management experience: scope definition, vendor coordination, and finding ...
Active bug bounty researcher with published findings, CVE credits, or hall of fame recognition. * Penetration testing program management experience: scope definition, vendor coordination, and finding ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
... Security Manager (ISSM), Risk Management Framework (RMF), and cybersecurity risk management ... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ...
Quick apply
... Security Manager (ISSM), Risk Management Framework (RMF), and cybersecurity risk management ... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ...
... Security Manager (ISSM), Risk Management Framework (RMF), and cybersecurity risk management ... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ...
Quick apply
... Security Manager (ISSM), Risk Management Framework (RMF), and cybersecurity risk management ... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ...
Red Team Engineer/ Offensive Security Lead
$104K - $138K/yr
Experience with infrastructure-as-code or configuration management security (Chef/InSpec a plus) * Bug bounty program operations experience (HackerOne, Bugcrowd, or similar platforms) Salary: $150 ...
New
Red Team Engineer/ Offensive Security Lead
$104K - $138K/yr
Experience with infrastructure-as-code or configuration management security (Chef/InSpec a plus) * Bug bounty program operations experience (HackerOne, Bugcrowd, or similar platforms) Salary: $150 ...
New
CNO Developer
Chantilly, VA · On-site
$129K - $177K/yr
Building, configuring, managing virtualized systems * Comfortable and willing to operate/maintain ... Desire to contribute to CTF events, bug bounty programs, and speaking at the security conferences
CNO Developer
Chantilly, VA · On-site
$129K - $177K/yr
Building, configuring, managing virtualized systems * Comfortable and willing to operate/maintain ... Desire to contribute to CTF events, bug bounty programs, and speaking at the security conferences
Senior Security Engineer, Application & Platform Security
San Francisco, CA · On-site
$190K - $280K/yr
Intake, triage, prioritization, remediation tracking, and management of our bug bounty and responsible disclosure program. * Champion secure-by-design principles. Partner with engineering and product ...
Senior Security Engineer, Application & Platform Security
San Francisco, CA · On-site
$190K - $280K/yr
Intake, triage, prioritization, remediation tracking, and management of our bug bounty and responsible disclosure program. * Champion secure-by-design principles. Partner with engineering and product ...
Head of Security
San Francisco, CA · On-site
... Manage our Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • ...
Head of Security
San Francisco, CA · On-site
... Manage our Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • ...
Bug Bounty Manager information
What does a typical week look like for a Bug Bounty Manager in terms of responsibilities and collaboration?
What are the key skills and qualifications needed to thrive as a Bug Bounty Manager, and why are they important?
What are Bug Bounty Managers?
What is the difference between Bug Bounty Manager vs Security Analyst?
| Aspect | Bug Bounty Manager | Security Analyst |
|---|---|---|
| Required Credentials | Certifications like OSCP, CEH, or CISSP; experience in bug bounty programs | Certifications such as CISSP, GIAC, or CEH; strong knowledge of security protocols |
| Work Environment | Focus on managing bug bounty programs, coordinating with researchers, and analyzing reports | Monitoring security systems, conducting vulnerability assessments, and incident response |
| Employer & Industry Usage | Tech companies, cybersecurity firms, organizations running bug bounty programs | Corporate security teams, government agencies, consulting firms |
The Bug Bounty Manager primarily oversees bug bounty initiatives, managing researcher collaborations and triaging reports. In contrast, a Security Analyst focuses on analyzing security threats, conducting assessments, and maintaining overall security posture. Both roles require security certifications and a strong understanding of vulnerabilities, but their daily tasks and focus areas differ significantly.

Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Re-posted 5 days ago
DoorDash rating
6.4
Based on 182 frontline employees who took The Breakroom Quiz
12th of 23 rated food delivery companies
Job description
At DoorDash we're building the industry's most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is paramount to the success of our business, and DoorDash Security aspires to be the world's most admired security team. We are committed to building the world's most trusted on-demand, logistics engine for delivery! We're expanding our team of great minds to help us secure and maintain a 24x7, no downtime, global infrastructure system that powers DoorDash's multi-sided marketplace of consumers, merchants, and dashers.
About the Role
Our Security Engineering team is looking for an Engineering Manager, Proactive Security to set and lead the technical direction for Security Product Engineering at DoorDash globally.
You will be a part of our inclusive, collaborative global team responsible for building "paved road" Security Product controls directly into our Customer, Merchant and Dasher products to ensure a safe, secure and resilient delivery network. This is a US or Canada remote position reporting directly to the Director of our Security Engineering team.
You're excited about this opportunity because you will...
- Set and execute the technical vision for Security Product Engineering Pods, Bug Bounty and Vuln Management teams, ensuring alignment with DoorDash business objectives.
- Lead the overall Security Product Engineering, Bug Bounty and Mythos era Vulnerability Management direction and roadmap execution.
- Coach and mentor highly skilled engineers as a "player-coach" leaning in to understand Customer, Merchant and Dasher security problems at the lowest level and lead the team to build the right proactive controls. Success is not measured in shipping code, it's measured in annihilating and improving classes of vulnerabilities.
- Partner cross-functionally with Product Engineering, Legal, Security Engineering Platform, Data teams and XFN partners to build "paved road" proactive security controls that enable secure by design practices into DoorDash products. Examples of Security Products this team has built include PassKeys, Secured Agentic Security, AI Guardrails, Authentication for Merchants Tablets, Secure Remote Merchant Tablet Access and many upcoming initiatives.
- Partner cross-functionally with Product Engineering, Legal, Security Engineering Platform, Data teams and XFN partners to execute rigorous, agent enabled cross-brand Bug Bounty Program, Penetration Testing Program and Vulnerability Management Program against Mythos era equipped adversaries.
- Build and maintain high Operational Excellence (OE) security services (e.g. Vuln Management Data Lakes) to ensure we operate with excellence, rigor and durable standards to ensure minimal downtime.
- Influence and enable the secure and responsible adoption of AI tools from a Proactive Security perspective.
- 12+ years of experience as a Security Product Engineer at an Internet scale organization with 3+ years of demonstrated technical leadership leading teams building outcomes at global scale.
- Track record of shifting the industry in how Internet scale companies deliver security products across global economies.
- Master's degree in Computer Science, Security Engineering, a related field or equivalent work experience.
- Demonstrated technical leadership in Account Security, Product Security Engineering, AI Security across Business to Consumer, Business to Business, and Business to Vendor security controls.
- Demonstrated technical leadership designing technical Security Engineering controls and processes to meet required regulatory requirements.
- Demonstrated technical leadership in designing scalable, AI enabled and ergonomic Security Review processes.
- Exceptional problem solving of complex, systemic issues that require audacious thinking, rigor and creativity.
- Exceptional analytical and investigative abilities with hands-on experience leading root cause analysis for security incidents and driving long term roadmaps to remediate.
- Exceptional verbal and written communication skills - you will confidently shape and lead the Security Product Engineering function globally and influence stakeholders across core engineering and product teams to security preserving control outcomes.
Compensation
The successful candidate's starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee's work location. Ranges are market-dependent and may be modified in the future.
In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information.
DoorDash cares about you and your overall well-being. That's why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act). DoorDash also offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others.
To learn more about our benefits, visit our careers page here.
See below for paid time off details:
- For salaried roles: flexible paid time off/vacation, plus 80 hours of paid sick time per year.
- For hourly roles: vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week).
The national base pay range for this position within the United States, including Illinois and Colorado.
$193,800-$285,000 USD
About DoorDash
At DoorDash, our mission to empower local economies shapes how our team members move quickly, learn, and reiterate in order to make impactful decisions that display empathy for our range of users-from Dashers to merchant partners to consumers. We are a technology and logistics company that started by enabling door-to-door delivery, and we are looking for team members who can help us go from a company that is known as the place you order food to a company that people turn to for any and all goods.
DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. We're committed to supporting employees' happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more.
Our Commitment to Diversity and Inclusion
We're committed to growing and empowering a more inclusive community within our company, industry, and cities. That's why we hire and cultivate diverse teams of people from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel.
Statement of Non-Discrimination: In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital/domestic partner status, sexual orientation, gender identity or expression, disability status, or veteran status. Above and beyond discrimination and harassment based on "protected categories," we also strive to prevent other subtler forms of inappropriate behavior (i.e., stereotyping) from ever gaining a foothold in our office. Whether blatant or hidden, barriers to success have no place at DoorDash. We value a diverse workforce - people who identify as women, non-binary or gender non-conforming, LGBTQIA+, American Indian or Native Alaskan, Black or African American, Hispanic or Latinx, Native Hawaiian or Other Pacific Islander, differently-abled, caretakers and parents, and veterans are strongly encouraged to apply. Thank you to the Level Playing Field Institute for this statement of non-discrimination.
Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.
If you need any accommodations, please inform your recruiting contact upon initial connection.
Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only
We used Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provided Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023. We resumed using Covey Scout for Inbound again on June 29, 2024, and ceased using Covey Scout for Inbound on April 30, 2026.
The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: https://getcovey.com/nyc-local-law-144.
About DoorDash
Sourced by ZipRecruiter
At DoorDash, our mission to empower local economies shapes how our team members move quickly, learn, and reiterate in order to make impactful decisions that display empathy for our range of users--from Dashers to merchant partners to consumers. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods. DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. We're committed to supporting employees' happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more.
Industry
Transportation equipment manufacturing
Company size
10,000+ Employees
Headquarters location
San Francisco, CA, US
Year founded
2013