1

Bug Finding Jobs in California (NOW HIRING)

Lead Application Security Engineer

San Francisco, CA ยท On-site

$69.25 - $92.50/hr

... tests, bug bounty programs, or responsible disclosure programs end to end. โ€ข Track record of ... You can write a Slack post that engineers actually want to read, a finding writeup that's genuinely ...

A proven track record of finding critical vulnerabilities (via bug bounties, VDPs, or professional engagements) paired with the analytical, defensive mindset required to hunt threats and isolate ...

Member of Technical Staff, QA

San Francisco, CA ยท On-site

$180K - $280K/yr

Self-directed: you read the PR, open the product, and start finding what's broken without waiting for a spec. * Strong written communication, especially in bug reports and test plans. * Customer ...

next page

Showing results 1-20

Bug Finding information

See California salary details

$22

$52

$79

How much do bug finding jobs pay per hour?

As of Jul 17, 2026, the average hourly pay for bug finding in California is $52.02, according to ZipRecruiter salary data. Most workers in this role earn between $44.38 and $58.85 per hour, depending on experience, location, and employer.

Can you make money bug hunting?

Bug finding, or security testing, can be a paid profession where individuals identify vulnerabilities in software or websites. Many companies offer bug bounty programs that pay researchers for discovering security flaws, often based on the severity of the bug and verified reports. Successful bug hunters typically need technical skills, knowledge of security tools, and sometimes certifications to earn money through this work.

What are the typical challenges faced by someone working in Bug Finding, and how can they overcome them?

Professionals in Bug Finding often encounter challenges such as identifying elusive or intermittent bugs, reproducing issues accurately, and prioritizing defects based on their impact. Staying up-to-date with rapidly evolving technologies and learning new testing tools can also be demanding. Overcoming these challenges involves cultivating strong problem-solving skills, staying engaged with industry best practices, and collaborating closely with development teams for efficient troubleshooting. Continuous learning and open communication are key to ensuring both individual success and the delivery of reliable software products.

Does Google pay for finding bugs?

Google offers a Vulnerability Reward Program that pays security researchers and bug finders for discovering and responsibly reporting security vulnerabilities in their products. Payments vary based on the severity and impact of the bug, with rewards ranging from hundreds to thousands of dollars. Participants typically need to follow specific submission guidelines and have technical skills in security testing and bug reporting.

What jobs pay $500,000 a year in the US?

High-paying roles related to bug finding or cybersecurity, such as senior security engineers, penetration testers, or cybersecurity consultants, can reach or exceed $500,000 annually with extensive experience, specialized skills, and certifications like CISSP or OSCP. These positions often involve working in large organizations, government agencies, or consulting firms and may include bonuses or profit sharing that contribute to total compensation.

What are the key skills and qualifications needed to thrive in the Bug Finding position, and why are they important?

To thrive in a Bug Finding role, strong analytical thinking, attention to detail, and proficiency in programming languages and software testing methodologies are essential, often supported by a background in computer science or related fields. Familiarity with tools like Selenium, JIRA, Bugzilla, and knowledge of common debugging and automation frameworks is highly valued, and certifications such as ISTQB can be advantageous. Persistence, effective communication, and problem-solving abilities help professionals collaborate with developers and relay findings clearly. These competencies ensure that software products are thoroughly evaluated, resulting in higher quality releases and enhanced user satisfaction.

What jobs deal with bugs?

Jobs that deal with bugs include software testers, quality assurance analysts, and software developers who perform debugging to identify and fix errors in code. These roles often require knowledge of programming languages, testing tools, and attention to detail to ensure software functions correctly before release.

What is a Bug Finding job?

A Bug Finding job involves identifying, analyzing, and reporting software defects that may impact functionality, security, or user experience. Professionals in this role use manual testing, automated tools, and debugging techniques to uncover issues in applications or systems. They often work closely with developers and QA teams to ensure software quality and reliability. Effective bug finding helps companies maintain smooth operations, improve user satisfaction, and prevent costly errors.

What are the most commonly searched types of Bug Finding jobs in California? The most popular types of Bug Finding jobs in California are:
What are popular job titles related to Bug Finding jobs in California? For Bug Finding jobs in California, the most frequently searched job titles are:
What job categories do people searching Bug Finding jobs in California look for? The top searched job categories for Bug Finding jobs in California are:
Infographic showing various Bug Finding job openings in California as of July 2026, with employment types broken down into 17% Locum Tenens, 74% Full Time, 5% Part Time, 1% Temporary, and 3% Contract. Highlights an 84% Physical, 3% Hybrid, and 13% Remote job distribution, with an average salary of $108,199 per year, or $52 per hour.
Lead Application Security Engineer

Lead Application Security Engineer

Ivo

San Francisco, CA โ€ข On-site

$69.25 - $92.50/hr

Full-time

Re-posted 4 days ago


Job description

Job Summary:
Ivo is building the AI contract intelligence platform of choice for major companies like Uber and Meta. They are seeking a Lead Application Security Engineer to own the security of the Ivo platform, ensuring the protection of sensitive contracts through hands-on testing, code review, and security program management.
Responsibilities:
โ€ข Own application security across Ivo's web app, API surface, and the systems behind them.
โ€ข Find and fix bugs. Hunt for vulnerabilities in our own product through hands-on testing, code review, and offensive-minded experimentation, and partner with engineers to ship the fix.
โ€ข Lead manual code review for security-sensitive changes: authentication, authorization, multi-tenancy, integrations, and customer data handling.
โ€ข Run threat modeling with engineering as new features and products are designed, across the full product surface including LLM and agent components.
โ€ข Manage our pen test program and ad-hoc engagements end to end. Scope work, manage vendors, triage findings, and drive remediation to closure with engineering.
โ€ข Run our responsible disclosure program, including researcher communications, validation, payments, and ongoing relationships with trusted external researchers.
โ€ข Build and maintain our application security tooling: SAST, DAST, SCA, secrets detection, and IaC scanning, with a strong bias toward signal over noise.
โ€ข Embed security into the SDLC: PR-time checks, security champions, design review gates, and secure-by-default patterns engineers actually want to use.
โ€ข Conduct deep reviews of identity and access surfaces (Firebase Auth, WorkOS, SSO, SAML, SCIM, RBAC) and partner with product on customer-facing security features.
โ€ข Investigate suspected security issues and lead application-layer incident response alongside engineering.
โ€ข Contribute application security input to enterprise security reviews, SOC 2 Type II, ISO 27001, ISO 42001, and customer-facing trust documentation.
โ€ข Mentor engineers on secure coding and be the go-to expert when teams have a security question.
Qualifications:
Required:
โ€ข 4+ years in application security, product security, or offensive security at a SaaS company, including time owning security for a production platform.
โ€ข Strong hands-on web application pen testing skills. You can find real bugs in real code, not just run scanners.
โ€ข Deep experience reviewing code in TypeScript / Node and Python. You're comfortable reading and writing code, not just reviewing it.
โ€ข Strong background in web application security: OWASP Top 10, auth and authorization design (OAuth, OIDC, SAML, SSO), multi-tenant isolation, and modern API security.
โ€ข Practical experience with cloud security in GCP and Azure, plus container and Kubernetes security (AKS or similar).
โ€ข Experience managing pen tests, bug bounty programs, or responsible disclosure programs end to end.
โ€ข Track record of partnering with engineering rather than blocking them. You ship paved roads, not tickets.
โ€ข Excellent written communication. You can write a Slack post that engineers actually want to read, a finding writeup that's genuinely actionable, and a security review that an enterprise prospect respects.
โ€ข A strong internal sense of urgency and a bias toward shipping today rather than tomorrow.
Preferred:
โ€ข Experience securing AI / LLM features in production: prompt injection defenses, agent guardrails, and AI-specific threat modeling.
โ€ข Series B or earlier experience where you built or scaled a security function from limited scaffolding.
โ€ข OSCP, OSWE, or comparable hands-on offensive security credentials.
โ€ข CVE credit, published research, or contributions to open-source security tooling.
โ€ข Experience designing security as customer-facing product (SSO domain verification, SCIM, IP allowlisting, audit logging, RBAC).
โ€ข Background supporting enterprise customers in regulated industries.
Company:
Ivo is an AI-powered contract intelligence platform helping enterprise legal teams streamline contract review and negotiation processes. Founded in 2021, the company is headquartered in San Francisco, USA, with a team of 51-200 employees. The company is currently Growth Stage.