Bug Bounty Program Jobs in Utah (NOW HIRING)

Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...

Bug Bounty Program information

How do I join a bug bounty program?

To join a bug bounty program, you typically need to register on the platform hosting the program, such as HackerOne or Bugcrowd, and agree to their rules and scope. Developing skills in web security, using tools like Burp Suite or OWASP ZAP, and understanding responsible disclosure are essential. Some programs may require prior experience or certifications like OSCP or CEH.

What are some common challenges faced by professionals managing a Bug Bounty Program?

Professionals overseeing a Bug Bounty Program often encounter challenges such as efficiently triaging a high volume of vulnerability reports, ensuring clear communication with security researchers, and balancing quick response times with thorough investigation. Additionally, maintaining strong relationships with both internal development teams and external participants is crucial for program success. Staying updated on evolving security threats and continually refining program policies are ongoing responsibilities that require adaptability and collaboration.

How much do bug bounties get paid?

Bug bounty programs pay security researchers based on the severity and impact of the vulnerabilities they discover, with rewards ranging from $100 to over $100,000 for critical issues. Payments vary depending on the program, the organization, and the complexity of the bug, and researchers often use platforms like HackerOne or Bugcrowd to participate.

Which bug bounty pays the most?

Bug bounty programs from large technology companies like Apple, Google, and Microsoft tend to offer the highest payouts, often reaching hundreds of thousands of dollars for critical vulnerabilities. Successful bug bounty hunters typically have strong technical skills, knowledge of security testing tools, and experience in identifying high-impact security flaws.

What are the key skills and qualifications needed to thrive as a Bug Bounty Program participant, and why are they important?

To excel in a Bug Bounty Program, you need strong knowledge of cybersecurity fundamentals, vulnerability assessment, and web or software exploitation techniques, often backed by practical experience or certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, and Metasploit, as well as bug bounty platforms like HackerOne or Bugcrowd, is typically required. Critical thinking, persistence, and clear written communication are crucial soft skills for effectively identifying vulnerabilities and reporting them to organizations. These skills ensure you can discover security flaws efficiently, responsibly disclose them, and build a positive reputation in the cybersecurity community.

What is a Bug Bounty Program?

A Bug Bounty Program is an initiative offered by organizations that invites ethical hackers and security researchers to identify and report vulnerabilities in the company’s software, websites, or systems. Participants are typically rewarded with monetary compensation, recognition, or other incentives based on the severity of the bugs they find. These programs help organizations strengthen their security by leveraging the broader cybersecurity community, thus identifying issues before malicious hackers can exploit them. Bug bounty programs are widely used by tech companies to enhance security and build trust with users.

Will Facebook pay $500 if you find a bug in their code?

Facebook's bug bounty rewards vary depending on the severity and impact of the vulnerability found. While some reports have received payments of $500 or more, the amount is not guaranteed and depends on the quality and significance of the bug. Participants should review Facebook's bug bounty guidelines for specific payout details and submission criteria.

What is the difference between a Bug Bounty Program and a Penetration Tester?

| Aspect | Bug Bounty Program | Penetration Tester |
| --- | --- | --- |
| Credentials | Knowledge of security vulnerabilities, bug reporting skills | Certifications like OSCP, CEH, CISSP often preferred |
| Work Environment | Remote, project-based, crowdsourced | Consulting firms, in-house teams, on-site or remote |
| Industry Usage | Tech companies, startups, open security initiatives | Security firms, corporate security teams, government agencies |
| Search/Comparison Intent | Understanding crowdsourced bug finding vs professional testing | Comparing freelance or company-based security assessments |

The main difference is that Bug Bounty Programs are crowdsourced initiatives where individuals report vulnerabilities remotely, often without formal certifications. Penetration Testers are professionals with certifications who perform targeted security assessments, usually in a consulting or in-house setting. Both roles focus on identifying security flaws but differ in structure, credentials, and work environment.

Infographic showing various Bug Bounty Program job openings in Utah as of June 2026, with employment types broken down into 100% Full Time. Highlights a 100% In-person job distribution.
Product Security Engineer

$45 - $50/hr

Contractor

Medical, Dental, Vision, Life, Retirement, PTO

Posted 3 days ago


Job description

Description

About the Role

Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for external vulnerability reports submitted through the program, working closely with internal engineering and security teams to ensure timely, accurate triage and resolution.

Responsibilities

Triage incoming vulnerability reports submitted via the bug bounty platform, assessing validity, impact, and scope.

Assign CVSS scores and severity ratings accurately, following Adobe’s internal severity guidelines and industry standards.

Reproduce proof-of-concept (PoC) exploits to validate reported vulnerabilities across web, API, and mobile surfaces.

Communicate clearly and professionally with external researchers: request clarifications, provide status updates, and manage expectations.

Coordinate with product engineering teams to route confirmed vulnerabilities for remediation.

Identify duplicate, out-of-scope, or informational reports and close them with clear, respectful explanations.

Contribute to internal documentation, triage runbooks, and severity calibration guidelines.

Flag systemic or critical findings to the Bug Bounty team for escalation as needed.

Required Qualifications

3+ years of experience in application security, penetration testing, or a bug bounty / vulnerability disclosure role.

Strong understanding of CVSS v3.1 scoring and hands-on experience applying it to real-world vulnerabilities.

Proficiency in common web vulnerability classes: XSS, SQL injection, SSRF, IDOR, authentication flaws, and business logic issues.

Ability to reproduce and validate PoC exploits using tools such as Burp Suite, browser DevTools, curl, and custom scripts.

Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd) and responsible disclosure processes.

Solid written communication skills — able to write clear, constructive responses to researchers of all skill levels.

Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.

Knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.

Skills

Application security, cvss, hackerone, owasp 10 frameworks, security testing, ai vulnerabilities, ai expertise, owasp 10 LLM

Top Skills Details

Application security,cvss,hackerone,owasp 10 frameworks,security testing

Additional Skills & Qualifications

Experience with cloud environments (AWS, Azure, GCP) and API security testing.

Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.

Prior participation in bug bounty programs as a researcher.

Familiarity with OWASP Top 10, CWE taxonomy, and CVE assignment processes.

Background working within a large enterprise or SaaS security organization.

Job Type & Location

This is a Contract position based out of Lehi, UT.

Pay and Benefits

The pay range for this position is $45.00 - $50.00/hr.

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

Workplace Type

This is a hybrid position in Lehi, UT.

Application Deadline

This position is anticipated to close on Jun 30, 2026.

About TEKsystems

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

About TEKsystems and TEKsystems Global Services

We’re a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We’re a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We’re strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We’re building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, for all positions located in the city and county of San Francisco, we will consider for employment qualified applicants with arrest and conviction records.

Massachusetts Lie Detector: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Use of Artificial Intelligence (AI): We may use Artificial Intelligence (AI) to support parts of our hiring process, including sourcing, screening, and evaluating candidates. AI helps assess applications and qualifications, but final decisions are made by our hiring team. By applying, you acknowledge and agree that your application may be reviewed using AI tools.