1

Bug Bounty Program Jobs in Florida (NOW HIRING)

And it's a rare chance to do that hands-on inside a program that helps protect the health data of ... validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping ...

Senior Engineer, Offensive Security

Miami, FL · On-site

$109K - $150K/yr

And it's a rare chance to do that hands-on inside a program that helps protect the health data of ... validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping ...

And it's a rare chance to do that hands-on inside a program that helps protect the health data of ... validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping ...

Senior Engineer, Offensive Security

Tampa, FL · On-site

$108K - $148K/yr

And it's a rare chance to do that hands-on inside a program that helps protect the health data of ... validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping ...

Senior Engineer, Offensive Security

Miami, FL · On-site

$109K - $150K/yr

And it's a rare chance to do that hands-on inside a program that helps protect the health data of ... validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping ...

Senior Engineer, Offensive Security

Tampa, FL · On-site

$108K - $148K/yr

And it's a rare chance to do that hands-on inside a program that helps protect the health data of ... validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping ...

Bug Bounty Program information

What are some common challenges faced by professionals managing a Bug Bounty Program?

Professionals overseeing a Bug Bounty Program often encounter challenges such as efficiently triaging a high volume of vulnerability reports, ensuring clear communication with security researchers, and balancing quick response times with thorough investigation. Additionally, maintaining strong relationships with both internal development teams and external participants is crucial for program success. Staying updated on evolving security threats and continually refining program policies are ongoing responsibilities that require adaptability and collaboration.

What are the key skills and qualifications needed to thrive as a Bug Bounty Program participant, and why are they important?

To excel in a Bug Bounty Program, you need strong knowledge of cybersecurity fundamentals, vulnerability assessment, and web or software exploitation techniques, often backed by practical experience or certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, and Metasploit, as well as bug bounty platforms like HackerOne or Bugcrowd, is typically required. Critical thinking, persistence, and clear written communication are crucial soft skills for effectively identifying vulnerabilities and reporting them to organizations. These skills ensure you can discover security flaws efficiently, responsibly disclose them, and build a positive reputation in the cybersecurity community.

What is a Bug Bounty Program?

A Bug Bounty Program is an initiative offered by organizations that invites ethical hackers and security researchers to identify and report vulnerabilities in the company’s software, websites, or systems. Participants are typically rewarded with monetary compensation, recognition, or other incentives based on the severity of the bugs they find. These programs help organizations strengthen their security by leveraging the broader cybersecurity community, thus identifying issues before malicious hackers can exploit them. Bug bounty programs are widely used by tech companies to enhance security and build trust with users.

What is the difference between Bug Bounty Program vs Penetration Tester?

AspectBug Bounty ProgramPenetration Tester
CredentialsKnowledge of security vulnerabilities, bug reporting skillsCertifications like OSCP, CEH, CISSP often preferred
Work EnvironmentRemote, project-based, crowdsourcedConsulting firms, in-house teams, on-site or remote
Industry UsageTech companies, startups, open security initiativesSecurity firms, corporate security teams, government agencies
Search/Comparison IntentUnderstanding crowdsourced bug finding vs professional testingComparing freelance or company-based security assessments

The main difference is that Bug Bounty Programs are crowdsourced initiatives where individuals report vulnerabilities remotely, often without formal certifications. Penetration Testers are professionals with certifications who perform targeted security assessments, usually in a consulting or in-house setting. Both roles focus on identifying security flaws but differ in structure, credentials, and work environment.

What are the most commonly searched types of Bug Bounty Program jobs in Florida? The most popular types of Bug Bounty Program jobs in Florida are:
What cities in Florida are hiring for Bug Bounty Program jobs? Cities in Florida with the most Bug Bounty Program job openings:
Infographic showing various Bug Bounty Program job openings in Florida as of July 2026, with employment types broken down into 27% Locum Tenens, 38% Full Time, 6% Part Time, 1% Temporary, and 28% Summer. Highlights an 87% Physical, 1% Hybrid, and 12% Remote job distribution.
Senior Engineer, Application Security

Senior Engineer, Application Security

Intercontinental Exchange Holdings, Inc.

Jacksonville, FL • On-site

$54.25 - $72.50/hr

Full-time

Re-posted 21 days ago


Job description

Overview
Job Purpose
An Intercontinental Exchange (ICE) IS AppSec Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.
Responsibilities
  • Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing.
  • Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
  • Secure Design - Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
  • Tool Management - Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application's security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs.
  • Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities.

Knowledge and Experience
  • University degree in Computer Science, Engineering, MIS, CIS, or related discipline
  • Software engineering experience in Java, C++, .NET and/or related languages
  • Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments
  • Experience designing solutions to integrate transparently with the CI/CD pipeline
  • Familiar with application development in large cloud environments

Analyst, Engineer and Senior Engineer DistinctionSeniority is determined by experience and demonstration of exceptional competencies including:
  • Documenting and effectively publishing technology guidance and repeatable processes
  • Mentoring peers in groups and individually
  • Improving processes and introducing superior technology
  • Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices

-
Intercontinental Exchange, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to legally protected characteristics.