1

Bug Bounty Manager Jobs (NOW HIRING)

... Manage our Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • ...

Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming ... Demonstrated ability to manage competing priorities and maintain operational excellence in a fast ...

Build tooling that scales security past one person: supply chain security, vulnerability management ... You've done some mix of vulnerability triage, bug bounty, disclosure, or incident response, and can ...

Prior experience selling crowdsourced security, Bug Bounty, or Attack Surface Management solutions. * Familiarity with Salesforce and sales engagement tools. * A four-year degree from an accredited ...

Build and maintain golden images and a patch management program across our compute fleet (EC2 ... Validate, triage, and coordinate security findings from bug bounty, third-party pentests, and cloud ...

... manage their Starlink account and equipment. In this role, you will continually assess Starlink ... You will also be responsible for monitoring and responding to bug bounty submissions. Ideally, you ...

CNO Developer

Chantilly, VA · On-site

$130K - $178K/yr

... management. Responsibilities : • Conducting CNO related software development; frontend ... bug bounty programs, and speaking at the security conferences • Rapid Prototype Software ...

... manage their Starlink account and equipment. In this role, you will continually assess Starlink ... You will also be responsible for monitoring and responding to bug bounty submissions. Ideally, you ...

CNO Developer

Chantilly, VA · On-site

$130K - $178K/yr

... managing virtualized systems • Comfortable and willing to operate/maintain customer-provided COTS ... bug bounty programs, and speaking at the security conferences • Rapid Prototype Software ...

... bug bounty program • Partner with engineering teams to design and deploy solutions which are ... Ramp is a financial technology company that develops software for corporate spend management ...

Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming ... Demonstrated ability to manage competing priorities and maintain operational excellence in a fast ...

... manage their Starlink account and equipment. In this role, you will continually assess Starlink ... You will also be responsible for monitoring and responding to bug bounty submissions. Ideally, you ...

Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming ... Demonstrated ability to manage competing priorities and maintain operational excellence in a fast ...

next page

Showing results 1-20

Bug Bounty Manager information

What does a typical week look like for a Bug Bounty Manager in terms of responsibilities and collaboration?

A Bug Bounty Manager typically spends the week overseeing vulnerability reports, coordinating with security researchers, and prioritizing remediation efforts with engineering teams. They review incoming submissions, validate findings, and communicate with both internal stakeholders and external participants to ensure clear understanding and timely resolution of issues. Collaboration is key in this role, as managers often work closely with developers, legal, and compliance teams to align on security priorities and program updates. Additionally, they may analyze program metrics and provide feedback to improve the bounty process.

What are the key skills and qualifications needed to thrive as a Bug Bounty Manager, and why are they important?

To thrive as a Bug Bounty Manager, you need expertise in cybersecurity, vulnerability management, and a solid understanding of software development, typically supported by a degree in computer science or related field. Familiarity with bug bounty platforms (such as HackerOne or Bugcrowd), vulnerability tracking tools, and relevant certifications like CISSP or CEH is important. Strong communication, analytical thinking, and stakeholder management skills help you coordinate between security researchers and internal teams. These skills ensure effective vulnerability reporting, timely remediation, and the overall security posture of the organization.

What are Bug Bounty Managers?

Bug Bounty Managers are professionals responsible for overseeing bug bounty programs, which incentivize security researchers to find and report vulnerabilities in a company's software or systems. They coordinate the design, implementation, and management of these programs, ensuring that reported issues are validated, prioritized, and addressed efficiently. Bug Bounty Managers also communicate with security researchers, internal security teams, and stakeholders to improve the organization's security posture. Their role is crucial in fostering a collaborative relationship between the organization and the security community.

What is the difference between Bug Bounty Manager vs Security Analyst?

AspectBug Bounty ManagerSecurity Analyst
Required CredentialsCertifications like OSCP, CEH, or CISSP; experience in bug bounty programsCertifications such as CISSP, GIAC, or CEH; strong knowledge of security protocols
Work EnvironmentFocus on managing bug bounty programs, coordinating with researchers, and analyzing reportsMonitoring security systems, conducting vulnerability assessments, and incident response
Employer & Industry UsageTech companies, cybersecurity firms, organizations running bug bounty programsCorporate security teams, government agencies, consulting firms

The Bug Bounty Manager primarily oversees bug bounty initiatives, managing researcher collaborations and triaging reports. In contrast, a Security Analyst focuses on analyzing security threats, conducting assessments, and maintaining overall security posture. Both roles require security certifications and a strong understanding of vulnerabilities, but their daily tasks and focus areas differ significantly.

More about Bug Bounty Manager jobs
What cities are hiring for Bug Bounty Manager jobs? Cities with the most Bug Bounty Manager job openings:
What are the most commonly searched types of Bug Bounty jobs? The most popular types of Bug Bounty jobs are:
What states have the most Bug Bounty Manager jobs? States with the most job openings for Bug Bounty Manager jobs include:
What job categories do people searching Bug Bounty Manager jobs look for? The top searched job categories for Bug Bounty Manager jobs are:
Infographic showing various Bug Bounty Manager job openings in the United States as of July 2026, with employment types broken down into 7% Locum Tenens, 1% Internship, 66% Full Time, 6% Part Time, 1% Nights, and 19% Summer. Highlights an 87% Physical, 1% Hybrid, and 12% Remote job distribution.
Head of Security

Head of Security

Merge

San Francisco, CA • On-site

Full-time

Posted 7 days ago


Job description

Job Summary:
Merge is the leading provider of agentic tools and customer-facing integrations for frontier LLMs, Fortune 500 organizations, and B2B SaaS companies. As the Director of Security at Merge, you will manage our security programs, including infrastructure, compliance, and security automation.
Responsibilities:
• Create and drive the security roadmap
• Manage our compliance automation programs (SOC 2, ISO 27001, HIPAA, etc.). We’ve already achieved these using Drata, and while you have a team to support you, you will take the lead.
• Ensure all engineers and employees of Merge treat security as a core part of our practices
• Manage our Bug Bounty Program
• Implement security controls across Merge, from infrastructure to CI
• Implement and run manual and automated security practices to mitigate vulnerabilities
• Assist with security reviews, threat modeling, disaster recovery practice, and code reviews
Qualifications:
Required:
• 7+ years of security engineering experience
• Ownership or leadership within areas of security at previous organizations, infosec being a plus
• An overall excitement around building a more secure engineering function and organization
• Ability to manage security programs
• Experience with and a desire to code in at least one major programming language
• A thorough understanding of networking and infrastructure, including load balancing, VPNs, Zero Trust, HTTPS, DNS, etc.
• Experience with multi-tenant cloud environments
Company:
Merge is one API to add hundreds of integrations to your product Founded in 2020, the company is headquartered in San Francisco, USA, with a team of 51-200 employees. The company is currently Growth Stage.