Bug Bounty Program Jobs (NOW HIRING)

... bug bounty programs to keep pace with a rapidly growing engineering organization. Qualifications : Required : • 12+ years of hands-on experience in Product Security, Application Security, or Cloud ...

Senior Product Security Engineer

$117K - $160K/yr

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...

Senior Product Security Engineer

$117K - $160K/yr

... bug bounty programs to keep pace with a rapidly growing engineering organization. Qualifications : Required : • 6+ years of hands-on experience in Product Security, Application Security, or Cloud ...

Senior Application Security Engineer

OR · Remote

$114K - $156K/yr

Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. * Own and continuously improve application ...

Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions

Senior Application Security Engineer

New York, NY · Remote

$125K - $171K/yr

Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. * Own and continuously improve application ...

... bug bounty program • Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties • Collaborate with the CISO and security team to grow the broader ...

Senior Application Security Engineer

Meridian, ID · Remote

$111K - $152K/yr

Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. * Own and continuously improve application ...

Senior Security Engineer - Automation

$117K - $160K/yr

We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...

... our bug bounty program end to end: triage, response, remediation, and researcher communication • Partner with Engineering to embed secure design patterns and security review into how we ship ...

Bug Bounty Program information

How much do bug bounty program jobs pay per hour?

As of Jun 26, 2026, the average hourly pay for bug bounty program jobs in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.

How do I join a bug bounty program?

To join a bug bounty program, you typically need to register on the platform hosting the program, such as HackerOne or Bugcrowd, and agree to their rules and scope. Developing skills in web security, using tools like Burp Suite or OWASP ZAP, and understanding responsible disclosure are essential. Some programs may require prior experience or certifications like OSCP or CEH.

What are some common challenges faced by professionals managing a Bug Bounty Program?

Professionals overseeing a Bug Bounty Program often encounter challenges such as efficiently triaging a high volume of vulnerability reports, ensuring clear communication with security researchers, and balancing quick response times with thorough investigation. Additionally, maintaining strong relationships with both internal development teams and external participants is crucial for program success. Staying updated on evolving security threats and continually refining program policies are ongoing responsibilities that require adaptability and collaboration.

How much do bug bounties get paid?

Bug bounty programs pay security researchers based on the severity and impact of the vulnerabilities they discover, with rewards ranging from $100 to over $100,000 for critical issues. Payments vary depending on the program, the organization, and the complexity of the bug, and researchers often use platforms like HackerOne or Bugcrowd to participate.

Which bug bounty pays the most?

Bug bounty programs from large technology companies like Apple, Google, and Microsoft tend to offer the highest payouts, often reaching hundreds of thousands of dollars for critical vulnerabilities. Successful bug bounty hunters typically have strong technical skills, knowledge of security testing tools, and experience in identifying high-impact security flaws.

What are the key skills and qualifications needed to thrive as a Bug Bounty Program participant, and why are they important?

To excel in a Bug Bounty Program, you need strong knowledge of cybersecurity fundamentals, vulnerability assessment, and web or software exploitation techniques, often backed by practical experience or certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, and Metasploit, as well as bug bounty platforms like HackerOne or Bugcrowd, is typically required. Critical thinking, persistence, and clear written communication are crucial soft skills for effectively identifying vulnerabilities and reporting them to organizations. These skills ensure you can discover security flaws efficiently, responsibly disclose them, and build a positive reputation in the cybersecurity community.

What is a Bug Bounty Program?

A Bug Bounty Program is an initiative offered by organizations that invites ethical hackers and security researchers to identify and report vulnerabilities in the company’s software, websites, or systems. Participants are typically rewarded with monetary compensation, recognition, or other incentives based on the severity of the bugs they find. These programs help organizations strengthen their security by leveraging the broader cybersecurity community, thus identifying issues before malicious hackers can exploit them. Bug bounty programs are widely used by tech companies to enhance security and build trust with users.

Will Facebook pay $500 if you find a bug in their code?

Facebook's bug bounty rewards vary depending on the severity and impact of the vulnerability found. While some reports have received payments of $500 or more, the amount is not guaranteed and depends on the quality and significance of the bug. Participants should review Facebook's bug bounty guidelines for specific payout details and submission criteria.

What is the difference between Bug Bounty Program vs Penetration Tester?

Aspect | Bug Bounty Program | Penetration Tester
Credentials | Knowledge of security vulnerabilities, bug reporting skills | Certifications like OSCP, CEH, CISSP often preferred
Work Environment | Remote, project-based, crowdsourced | Consulting firms, in-house teams, on-site or remote
Industry Usage | Tech companies, startups, open security initiatives | Security firms, corporate security teams, government agencies
Search/Comparison Intent | Understanding crowdsourced bug finding vs professional testing | Comparing freelance or company-based security assessments

The main difference is that Bug Bounty Programs are crowdsourced initiatives where individuals report vulnerabilities remotely, often without formal certifications. Penetration Testers are professionals with certifications who perform targeted security assessments, usually in a consulting or in-house setting. Both roles focus on identifying security flaws but differ in structure, credentials, and work environment.

Infographic showing various Bug Bounty Program job openings in the United States as of June 2026, with employment types broken down into 50% Full Time and 50% Contract. Highlights a 100% In-person job distribution, with an average salary of $103,178 per year, or $49.6 per hour.
Senior Product Security Engineer

Persona Identities, Inc

San Francisco, CA • On-site

$200K - $280K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 5 days ago


Job description

About Persona
Persona is the configurable identity platform built for businesses in a digital-first world. Verifying individuals and organizations is harder - but more important - than ever, with AI enabling fraudsters to launch sophisticated accounts at scale and regulations evolving rapidly.
We've built Persona to support practically every use case and industry - that's why we're able to serve a wide range of leading companies. For example, Reddit relies on Persona for age assurance and verification to comply with online safety regulations, protecting younger users while maintaining a seamless experience. Meanwhile, OpenAI relies on Persona to keep bad actors out, protecting one of the world's most powerful AI platforms from large-scale abuse in a time when AI is reshaping the way we work and live.
We're growing rapidly and looking for exceptional people to join us!
About the Role
Persona builds identity verification infrastructure where security isn't a layer we add later, it's core to everything we ship. When security fails at most companies, systems go down. At an identity verification company, real people's identities are compromised.
As AI tooling expands what engineers can build and how fast they can build it, the attack surface grows with it. Someone proactively needs to own that problem.
What you'll work on
This is a product security role embedded in a generalist security team. Right now that means:
  • Drive the full vulnerability lifecycle and how Persona responds to external threats.
  • Design and build autonomous systems and AI tooling that scale security across every team and product
  • Partner with product engineers to shape how new features and systems get built securely
  • Shape Persona's presence in the security research community - running the bug bounty program that powers it

Must-haves
  • 6+ years of software engineering experience
  • 3+ years in product security
  • You've translated security risk into product decisions with non-technical stakeholders
  • You've embedded security into an eng team's SDLC without becoming the team that says no to everything

Nice to have
  • Familiarity with SAST/DAST tooling, dependency scanning, or bug bounty programs
  • Compliance experience (SOC 2, HIPAA) in a cloud-native environment
  • You've built systems where data sensitivity wasn't an afterthought - HIPAA, financial data, identity, etc.

The team
Small and senior by design. High ownership from day one - this isn't a team where your work disappears into a large org.
Based in SF. Relocation assistance available.
Benefits and Perks
For full-time US-based employees (excluding internship and contractor opportunities), Persona offers a wide range of benefits, including medical, dental, and vision, 3% 401(k) contribution, unlimited PTO, quarterly mental health days, family planning benefits, professional development stipend, wellness benefits, among others.
For full-time UK employees, Persona offers a wide range of benefits, including private medical insurance, dental insurance, a 6% employer pension contribution, unlimited PTO, a monthly wellness stipend, professional development stipend, co-working stipend, and more.
As part of our interview process, all candidates will be asked to verify their identity with Persona. This step is used solely to confirm that candidates are who they say they are, and will have no impact on hiring decisions.