1

Bug Bounty Program Jobs in Colorado (NOW HIRING)

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Security Engineer

Denver, CO · On-site

$115K - $130K/yr

Mature Ibotta's bug bounty program to scale with AI generated submissions and attack surface. * Analyze Ibotta's application architecture to identify weaknesses and develop opportunities for ...

The role focuses on vulnerability intake, triage, and validation, including managing submissions from the Vulnerability Disclosure and Bug Bounty Programs and evaluating false positive review ...

Experience with AI red teaming, adversarial ML testing tools such as Garak,PyRIT, orCounterfit, AI bug bounty programs, or AI security research. * Familiarity with AI governance frameworks and ...

Experience with AI red teaming, adversarial ML testing tools such as Garak, PyRIT, or Counterfit, AI bug bounty programs, or AI security research. * Familiarity with AI governance frameworks and ...

Bug Bounty Program information

What are some common challenges faced by professionals managing a Bug Bounty Program?

Professionals overseeing a Bug Bounty Program often encounter challenges such as efficiently triaging a high volume of vulnerability reports, ensuring clear communication with security researchers, and balancing quick response times with thorough investigation. Additionally, maintaining strong relationships with both internal development teams and external participants is crucial for program success. Staying updated on evolving security threats and continually refining program policies are ongoing responsibilities that require adaptability and collaboration.

What are the key skills and qualifications needed to thrive as a Bug Bounty Program participant, and why are they important?

To excel in a Bug Bounty Program, you need strong knowledge of cybersecurity fundamentals, vulnerability assessment, and web or software exploitation techniques, often backed by practical experience or certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, and Metasploit, as well as bug bounty platforms like HackerOne or Bugcrowd, is typically required. Critical thinking, persistence, and clear written communication are crucial soft skills for effectively identifying vulnerabilities and reporting them to organizations. These skills ensure you can discover security flaws efficiently, responsibly disclose them, and build a positive reputation in the cybersecurity community.

What is a Bug Bounty Program?

A Bug Bounty Program is an initiative offered by organizations that invites ethical hackers and security researchers to identify and report vulnerabilities in the company’s software, websites, or systems. Participants are typically rewarded with monetary compensation, recognition, or other incentives based on the severity of the bugs they find. These programs help organizations strengthen their security by leveraging the broader cybersecurity community, thus identifying issues before malicious hackers can exploit them. Bug bounty programs are widely used by tech companies to enhance security and build trust with users.

What is the difference between Bug Bounty Program vs Penetration Tester?

AspectBug Bounty ProgramPenetration Tester
CredentialsKnowledge of security vulnerabilities, bug reporting skillsCertifications like OSCP, CEH, CISSP often preferred
Work EnvironmentRemote, project-based, crowdsourcedConsulting firms, in-house teams, on-site or remote
Industry UsageTech companies, startups, open security initiativesSecurity firms, corporate security teams, government agencies
Search/Comparison IntentUnderstanding crowdsourced bug finding vs professional testingComparing freelance or company-based security assessments

The main difference is that Bug Bounty Programs are crowdsourced initiatives where individuals report vulnerabilities remotely, often without formal certifications. Penetration Testers are professionals with certifications who perform targeted security assessments, usually in a consulting or in-house setting. Both roles focus on identifying security flaws but differ in structure, credentials, and work environment.

What are the most commonly searched types of Bug Bounty Program jobs in Colorado? The most popular types of Bug Bounty Program jobs in Colorado are:
What are popular job titles related to Bug Bounty Program jobs in Colorado? For Bug Bounty Program jobs in Colorado, the most frequently searched job titles are:
What job categories do people searching Bug Bounty Program jobs in Colorado look for? The top searched job categories for Bug Bounty Program jobs in Colorado are:
What cities in Colorado are hiring for Bug Bounty Program jobs? Cities in Colorado with the most Bug Bounty Program job openings:
Senior Application Security Engineer

Senior Application Security Engineer

Recurly

Broomfield, CO

$59.25 - $79/hr

Full-time

Medical, Dental, Vision, Life, Retirement

Posted 28 days ago


Job description

As a member of the Application Security team, you will help prevent and mitigate vulnerabilities by collaborating with the rest of the organization and contributing product security enhancements. You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments, and work with developers to prevent security problems before they happen. This position will require a close working relationship with our development teams and their management to be successful. This is a highly visible role in the company to ensure that Recurly remains ahead of emerging application threats.

Technology/Services you will use: 

Programming Languages (Ruby, Go, Rust, JavaScript), Cloud Armor WAF, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools, Software Composition Analysis (SCA) tools, Bug Bounty Programs, Containers, Git and similar.

The Application Security team shares the following responsibilities. The ideal candidate will be flexible and prepared to contribute across all of these areas as needed:

Manage the end-to-end engineering and integration of AI/ML-driven security solutions into our DevSecOps pipeline and existing application security processes to maximize efficiency and coverage

Architect, build, and maintain the infrastructure and tooling necessary to successfully deploy and operate new AI-powered security capabilities

Proactively evaluate, pilot, and champion innovative ways to leverage artificial intelligence for vulnerability detection, threat modeling, and risk assessment optimization

Use threat modeling to provide security guidance to Engineers

Deliver secure development training

Complete security code reviews of new features and bug fixes

Complete security assessments of new products, services, and vendors

Perform risk assessments to add items to the security backlog and prioritize that backlog

Triage, reproduce, and work with application teams to fix bug bounty and pentest findings

Review security posture and roadmap, make suggestions, and bring new ideas to the table

Implement tooling into the DevSecOps pipeline to automate security testing

Coordinate with SecOps to ensure that incident response plans for application-related incidents are up-to-date and valid

Respond to incidents for high severity application vulnerabilities

Implement Product Security features to increase the overall security of the application

Triage and manage the results of automated scanning tools

Conduct penetration tests on significant code changes being released

Requirements

Strong candidates should possess a blend of experience in the following:

Developing in multiple programming languages

Collaborating closely with development teams in a DevSecOps environment

Managing Bug Bounty programs

Demonstrated experience engineering and managing the integration of AI/ML models or tools into security pipelines (DevSecOps).

Enthusiasm for exploring and implementing emerging technologies, specifically AI, to solve complex security challenges and increase team efficiencyUsing Static and Dynamic Code Analysis tools

Building security checks into the CI/CD pipeline

Conducting application analysis with Burp Suite

Working with Terraform, Graylog, GCP, and Kubernetes

Performing website application penetration testing

Benefits

As a full-time employee, Recurly offers competitive benefits programs, perks and options designed to fit your needs and the needs of your family. We offer medical, dental and vision benefits and a menu from which to choose options that work best for you and eligible dependents. We also offer life insurance, short and long-term disability, hospital indemnity, critical illness coverage, employee accident protection, health savings account (HSA) with company contribution & flexible spending account (FSA) options, employee assistance program, Legal and Pet Insurance.

Other perks may include:

401(k) Retirement Plan and company match

Flex Time Off

Company Events

Training/Development

Tuition reimbursement

Commuter benefits

Volunteer opportunities

Recurly is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to gender, age, race, religion, or any other classification which is protected by applicable law. Recurly is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at talent@recurly.com