1

Bug Bounty Program Jobs (NOW HIRING)

CNO Developer

Chantilly, VA · On-site

$130K - $178K/yr

... events, bug bounty programs, and speaking at the security conferences • Rapid Prototype Software Development Company : Accenture Federal Services is a leading US federal services company and ...

CNO Developer

Chantilly, VA · On-site

$130K - $178K/yr

... events, bug bounty programs, and speaking at the security conferences • Rapid Prototype Software Development Company : Accenture Federal Services is a leading US federal services company and ...

... bug bounty program. • Help respond to product security incidents. • Design and build technical systems to prevent spam, fraud, and abuse. • Partner closely with product teams to identify and ...

... bug bounty program. • Help respond to product security incidents. • Design and build technical systems to prevent spam, fraud, and abuse. • Partner closely with product teams to identify and ...

... bug bounty program. • Help respond to product security incidents. • Design and build technical systems to prevent spam, fraud, and abuse. • Partner closely with product teams to identify and ...

Head of Security

San Francisco, CA · On-site

$240K - $280K/yr

Manage our Bug Bounty Program * Implement security controls across Merge, from infrastructure to CI * Implement and run manual and automated security practices to mitigate vulnerabilities * Assist ...

... the bug bounty program, including triage, response processes, and improvements to vulnerability management workflows. • Develop security standards, playbooks, and training programs that make ...

Hands-on experience in offensive security (eg, through bug bounty programs or CTFs) The salary range for this role is $160,000 - $240,000. The salary for this position is determined based on a ...

... Bug Bounty & Vulnerability Management Be the primary owner of our ImmuneFi program - triaging, reproducing, and responding to incoming submissions daily Prioritize and track vulnerabilities through ...

AppSec SME

$60.25 - $80.25/hr

Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of ... Manage the program and communicate with client team * Identify, manage risks and provide risks ...

Help run penetration testing, offensive security exercises, and support our bug bounty program. * Help respond to product security incidents. Anti-Abuse * Design and build technical systems to ...

We already run Drata for GRC, Infisical for secrets management, and a private bug bounty program via Bugcrowd. You are not starting from zero. * Autonomy and Ownership: You will have the visibility ...

next page

Showing results 1-20

Bug Bounty Program information

See salary details

$16

$49

$78

How much do bug bounty program jobs pay per hour?

As of Jul 17, 2026, the average hourly pay for bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.

What are some common challenges faced by professionals managing a Bug Bounty Program?

Professionals overseeing a Bug Bounty Program often encounter challenges such as efficiently triaging a high volume of vulnerability reports, ensuring clear communication with security researchers, and balancing quick response times with thorough investigation. Additionally, maintaining strong relationships with both internal development teams and external participants is crucial for program success. Staying updated on evolving security threats and continually refining program policies are ongoing responsibilities that require adaptability and collaboration.

What are the key skills and qualifications needed to thrive as a Bug Bounty Program participant, and why are they important?

To excel in a Bug Bounty Program, you need strong knowledge of cybersecurity fundamentals, vulnerability assessment, and web or software exploitation techniques, often backed by practical experience or certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, and Metasploit, as well as bug bounty platforms like HackerOne or Bugcrowd, is typically required. Critical thinking, persistence, and clear written communication are crucial soft skills for effectively identifying vulnerabilities and reporting them to organizations. These skills ensure you can discover security flaws efficiently, responsibly disclose them, and build a positive reputation in the cybersecurity community.

What is a Bug Bounty Program?

A Bug Bounty Program is an initiative offered by organizations that invites ethical hackers and security researchers to identify and report vulnerabilities in the company’s software, websites, or systems. Participants are typically rewarded with monetary compensation, recognition, or other incentives based on the severity of the bugs they find. These programs help organizations strengthen their security by leveraging the broader cybersecurity community, thus identifying issues before malicious hackers can exploit them. Bug bounty programs are widely used by tech companies to enhance security and build trust with users.

What is the difference between Bug Bounty Program vs Penetration Tester?

AspectBug Bounty ProgramPenetration Tester
CredentialsKnowledge of security vulnerabilities, bug reporting skillsCertifications like OSCP, CEH, CISSP often preferred
Work EnvironmentRemote, project-based, crowdsourcedConsulting firms, in-house teams, on-site or remote
Industry UsageTech companies, startups, open security initiativesSecurity firms, corporate security teams, government agencies
Search/Comparison IntentUnderstanding crowdsourced bug finding vs professional testingComparing freelance or company-based security assessments

The main difference is that Bug Bounty Programs are crowdsourced initiatives where individuals report vulnerabilities remotely, often without formal certifications. Penetration Testers are professionals with certifications who perform targeted security assessments, usually in a consulting or in-house setting. Both roles focus on identifying security flaws but differ in structure, credentials, and work environment.

More about Bug Bounty Program jobs
What cities are hiring for Bug Bounty Program jobs? Cities with the most Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Bug Bounty Program jobs? States with the most job openings for Bug Bounty Program jobs include:
What job categories do people searching Bug Bounty Program jobs look for? The top searched job categories for Bug Bounty Program jobs are:
Infographic showing various Bug Bounty Program job openings in the United States as of July 2026, with employment types broken down into 34% Locum Tenens, 28% Full Time, 2% Part Time, and 36% Summer. Highlights an 87% Physical, 1% Hybrid, and 12% Remote job distribution, with an average salary of $103,178 per year, or $49.6 per hour.
Member of Technical Staff (Software Engineer, Security)

Member of Technical Staff (Software Engineer, Security)

Perplexity

New York, NY • On-site, Remote

$220K - $405K/yr

Full-time

Re-posted 26 days ago


Job description

About the Role
Perplexity is seeking a hands-on Software Engineer to build and evolve the software, automations, and systems that power our security operations. This role focuses on engineering security tools and internal AI-driven agents that improve detection and response, vulnerability management, and the overall security posture of our products and infrastructure.
Responsibilities
  • Design, build, and maintain software and automation that improves our detection and response program, including alert enrichment, triage workflows, and investigation tooling.
  • Implement and enhance internal AI agents and security bots that assist with monitoring, investigations, reporting, and other security operation tasks.
  • Develop and operate systems and workflows that support the bug bounty and vulnerability disclosure program, including intake, triage, prioritization, and remediation tracking.
  • Partner with product and engineering teams to threat model new features and systems, propose mitigations, and add guardrails into designs and implementations.
  • Contribute to secure-by-default libraries, services, and patterns that make it easy for teams to build secure features.
  • Integrate security signals from cloud, endpoints, SaaS, and applications into cohesive pipelines and data models that support detection and analysis.
  • Build automation to reduce manual work in incident response, containment, and remediation.
  • Collaborate with security engineers and other software engineers to review designs and code, and to continuously improve our security tooling and platforms.

Qualifications
  • 4+ years of experience as a software engineer with significant time spent building security-related tools, platforms, or automations, or in a security engineering role with strong software development responsibilities.
  • Proficiency in at least one major programming language (such as Python, Go, or TypeScript) and experience building production services, CLIs, or internal tools.
  • Experience integrating with security-relevant systems such as logging pipelines, SIEMs, EDR, cloud APIs, or identity platforms.
  • Practical experience with threat modeling, secure design, or application security reviews for services or features.
  • Experience operating or contributing to bug bounty or vulnerability management programs is a plus.
  • Familiarity with cloud infrastructure (AWS preferred) and modern SaaS environments.
  • Ability to work closely with cross-functional teams, own projects end-to-end, and ship pragmatic, high-impact improvements.
  • Bonus: Experience designing or improving AI-powered agents or automation used for security operations.