The bug bounty program is an important pillar of this mission, acting as a critical line of defense ... Understand the root cause of security vulnerabilities to help product and engineering teams fix ...
The bug bounty program is an important pillar of this mission, acting as a critical line of defense ... Understand the root cause of security vulnerabilities to help product and engineering teams fix ...
Senior Vulnerability Engineer
$117K - $160K/yr
Keeper's cybersecurity software is trusted by millions of people and thousands of organizations ... Correlate red team, penetration testing, and bug bounty findings with vulnerability data to ...
Senior Vulnerability Engineer
$117K - $160K/yr
Keeper's cybersecurity software is trusted by millions of people and thousands of organizations ... Correlate red team, penetration testing, and bug bounty findings with vulnerability data to ...
Validate bug bounty vulnerabilities. * Translate business requirements into technical ... Bachelor's in Computer Science, Cybersecurity, or equivalent. * 5+ years in software development ...
Validate bug bounty vulnerabilities. * Translate business requirements into technical ... Bachelor's in Computer Science, Cybersecurity, or equivalent. * 5+ years in software development ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$109K - $149K/yr
... a Senior Cybersecurity Engineer to implement and manage security controls across various ... bug bounty and responsible disclosure program, including vulnerability triage and researcher ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$109K - $149K/yr
... a Senior Cybersecurity Engineer to implement and manage security controls across various ... bug bounty and responsible disclosure program, including vulnerability triage and researcher ...
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners ... Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners ... Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive ...
Software Engineer
San Francisco, CA · On-site
$150K - $300K/yr
Our team has lived at the intersection of AI and cybersecurity. Collectively, we've led security at ... About Us * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design at ...
Software Engineer
San Francisco, CA · On-site
$150K - $300K/yr
Our team has lived at the intersection of AI and cybersecurity. Collectively, we've led security at ... About Us * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design at ...
Our team has lived at the intersection of AI and cybersecurity. Collectively, we've led security at ... About Us * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design at ...
Our team has lived at the intersection of AI and cybersecurity. Collectively, we've led security at ... About Us * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design at ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$105K - $145K/yr
... engineering, while partnering with IT and application teams to embed security into day-to-day ... Provide application security guidance and support the bug bounty and responsible disclosure program ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$105K - $145K/yr
... engineering, while partnering with IT and application teams to embed security into day-to-day ... Provide application security guidance and support the bug bounty and responsible disclosure program ...
Senior Application Security Engineer
$117K - $160K/yr
The Senior Application Security Engineer will lead the development of security measures, ensuring ... bug bounty and third party pentests. • Mentor security analysts and security champions on ...
Senior Application Security Engineer
$117K - $160K/yr
The Senior Application Security Engineer will lead the development of security measures, ensuring ... bug bounty and third party pentests. • Mentor security analysts and security champions on ...
Senior Product Security Engineer
OR · On-site +1
The Role We're seeking a Senior Product Security Engineer who is passionate about building and ... Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ...
Senior Product Security Engineer
OR · On-site +1
The Role We're seeking a Senior Product Security Engineer who is passionate about building and ... Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ...
Sr. Application Security Engineer
Redmond, WA · On-site
$65.75 - $88/hr
In this role, you will assess security issues, provide design feedback to developers, and ensure customer data protection while monitoring bug bounty submissions. Responsibilities : • Design and ...
Sr. Application Security Engineer
Redmond, WA · On-site
$65.75 - $88/hr
In this role, you will assess security issues, provide design feedback to developers, and ensure customer data protection while monitoring bug bounty submissions. Responsibilities : • Design and ...
We are seeking an experienced Cyber Security Instructor/Trainer to deliver high-quality training in ... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ...
Quick apply
We are seeking an experienced Cyber Security Instructor/Trainer to deliver high-quality training in ... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ...
General Application
San Francisco, CA · On-site
... bug bounty hunter who previously led Secure by Design at CISA. * CTO Ashwin Ramaswami is an ... engineer who has built large-scale systems at Skiff, Caldera, and Nooks, and has published research ...
General Application
San Francisco, CA · On-site
... bug bounty hunter who previously led Secure by Design at CISA. * CTO Ashwin Ramaswami is an ... engineer who has built large-scale systems at Skiff, Caldera, and Nooks, and has published research ...
We are seeking an experienced Cyber Security Instructor/Trainer to deliver high-quality training in ... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ...
Quick apply
We are seeking an experienced Cyber Security Instructor/Trainer to deliver high-quality training in ... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ...
Member of Technical Staff (Software Engineer, Security)
New York, NY · On-site +1
$220K - $405K/yr
This role focuses on engineering security tools and internal AI-driven agents that improve ... Develop and operate systems and workflows that support the bug bounty and vulnerability disclosure ...
Member of Technical Staff (Software Engineer, Security)
New York, NY · On-site +1
$220K - $405K/yr
This role focuses on engineering security tools and internal AI-driven agents that improve ... Develop and operate systems and workflows that support the bug bounty and vulnerability disclosure ...
$45.25 - $60.50/hr
This role sits at the intersection of software engineering and cybersecurity, focusing on ... Accountabilities: * Own and manage bug bounty intake processes, including triaging reports ...
$45.25 - $60.50/hr
This role sits at the intersection of software engineering and cybersecurity, focusing on ... Accountabilities: * Own and manage bug bounty intake processes, including triaging reports ...
Senior Product Security Engineer
$117K - $160K/yr
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ... Proficiency in modern programming languages; experience with Ruby, TypeScript, and/or Rust is ...
Senior Product Security Engineer
$117K - $160K/yr
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ... Proficiency in modern programming languages; experience with Ruby, TypeScript, and/or Rust is ...
Security Engineer
New York, NY · On-site
About the Role: We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty ...
Security Engineer
New York, NY · On-site
About the Role: We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty ...
Cyber Security Bug Bounty Engineer information
See salary details
$40.5K - $53.2K
0% of jobs
$53.2K - $65.9K
0% of jobs
$65.9K - $78.5K
4% of jobs
$78.5K - $91.2K
9% of jobs
$103.4K is the 25th percentile. Wages below this are outliers.
$91.2K - $103.9K
13% of jobs
$103.9K - $116.6K
20% of jobs
The median wage is $120K / yr.
$116.6K - $129.3K
16% of jobs
$139.2K is the 75th percentile. Wages above this are outliers.
$129.3K - $142K
17% of jobs
$142K - $154.6K
12% of jobs
$154.6K - $167.3K
6% of jobs
$167.3K - $180K
3% of jobs
$40.5K
$122.9K
$180K
How much do cyber security bug bounty engineer jobs pay per year?
As of Jun 8, 2026, the average yearly pay for cyber security bug bounty engineer in the United States is $122,890.00, according to ZipRecruiter salary data. Most workers in this role earn between $102,000.00 and $142,000.00 per year, depending on experience, location, and employer.
What is the difference between Cyber Security Bug Bounty Engineer vs Penetration Tester?
| Aspect | Cyber Security Bug Bounty Engineer | Penetration Tester |
|---|---|---|
| Certifications | CEH, OSCP, CISSP | CEH, OSCP, CPT, CISSP |
| Work Environment | Independent, remote, crowdsourced programs | In-house or consulting, controlled environments |
| Employer & Industry | Tech companies, cybersecurity firms, open bug bounty platforms | Security firms, consulting agencies, internal security teams |
While both roles focus on identifying security vulnerabilities, a Cyber Security Bug Bounty Engineer primarily participates in external, crowdsourced bug bounty programs, often working independently. In contrast, a Penetration Tester typically works within organizations or consulting firms, conducting controlled security assessments. Both roles require similar certifications and skills but differ mainly in work environment and scope.
Job description
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
About Stripe
Sourced by ZipRecruiter
Industry
Software development
Company size
1,001 - 5,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2010