The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...
The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Bug Bounty & Vulnerability Disclosure Program Management * Design and evolve the bug bounty program, including scope, rules, and reward structures. * Manage platform selection, private vs. public ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Bug Bounty & Vulnerability Disclosure Program Management * Design and evolve the bug bounty program, including scope, rules, and reward structures. * Manage platform selection, private vs. public ...
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
Experience working with bug bounty programs or coordinated vulnerability disclosure workflows. * Experience in fast-paced, cloud-native, or AI/ML-driven environments. What We Value * Curiosity ...
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
Experience working with bug bounty programs or coordinated vulnerability disclosure workflows. * Experience in fast-paced, cloud-native, or AI/ML-driven environments. What We Value * Curiosity ...
Preferred : • Published security research, CVEs, or notable bug bounty findings. • Strong CTF ... program analysis tools. • Experience with ML for code or security. • You have built complex ...
New
Preferred : • Published security research, CVEs, or notable bug bounty findings. • Strong CTF ... program analysis tools. • Experience with ML for code or security. • You have built complex ...
New
Senior Application Security Engineer
San Francisco, CA · On-site
$160K - $240K/yr
Hands-on experience in offensive security (eg, through bug bounty programs or CTFs) The salary range for this role is $160,000 - $240,000. The salary for this position is determined based on a ...
Senior Application Security Engineer
San Francisco, CA · On-site
$160K - $240K/yr
Hands-on experience in offensive security (eg, through bug bounty programs or CTFs) The salary range for this role is $160,000 - $240,000. The salary for this position is determined based on a ...
AppSec SME
$60.25 - $80.25/hr
Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of ... Manage the program and communicate with client team * Identify, manage risks and provide risks ...
AppSec SME
$60.25 - $80.25/hr
Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of ... Manage the program and communicate with client team * Identify, manage risks and provide risks ...
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
Archon Labs - Blockchain Developer
San Francisco, CA · On-site +1
Experience with formal verification, bug bounty programs, or audit coordination. * Familiarity with time-series and relational data models. * Exposure to infrastructure basics such as containers and ...
Archon Labs - Blockchain Developer
San Francisco, CA · On-site +1
Experience with formal verification, bug bounty programs, or audit coordination. * Familiarity with time-series and relational data models. * Exposure to infrastructure basics such as containers and ...
Software Engineer, Security
San Francisco, CA · On-site
$180K - $300K/yr
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
Software Engineer, Security
San Francisco, CA · On-site
$180K - $300K/yr
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
Relocate to SF: Software Engineer, Security
San Francisco, CA · On-site
$180K - $300K/yr
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
Relocate to SF: Software Engineer, Security
San Francisco, CA · On-site
$180K - $300K/yr
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...
Senior Engineer, Application Security
Jacksonville, FL · On-site
$54.25 - $72.50/hr
... bug bounty programs. * Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via ...
Senior Engineer, Application Security
Jacksonville, FL · On-site
$54.25 - $72.50/hr
... bug bounty programs. * Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via ...
We are seeking an Entry-Level Penetration Tester (Junior Pentester) to support our cybersecurity ... Participation in CTFs (Capture the Flag) or bug bounty programs * Familiarity with cloud ...
We are seeking an Entry-Level Penetration Tester (Junior Pentester) to support our cybersecurity ... Participation in CTFs (Capture the Flag) or bug bounty programs * Familiarity with cloud ...
Senior Engineer, Application Security
$54.50 - $72.75/hr
... bug bounty programs. * Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via ...
Senior Engineer, Application Security
$54.50 - $72.75/hr
... bug bounty programs. * Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via ...
You'll bring depth in security fundamentals and program design as a member of a small, high ... Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands.
You'll bring depth in security fundamentals and program design as a member of a small, high ... Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands.
Senior / Staff Security Engineer, Red Team
New York, NY · On-site
$200K - $300K/yr
Run our Hackerone bug bounty program. * Talk to Radar customers and prospects, hear their feedback, incorporate it into your work and make them successful. You should: * Have experience working on ...
Senior / Staff Security Engineer, Red Team
New York, NY · On-site
$200K - $300K/yr
Run our Hackerone bug bounty program. * Talk to Radar customers and prospects, hear their feedback, incorporate it into your work and make them successful. You should: * Have experience working on ...
Product Manager
Washington, DC · On-site
Projects include reforming digital services that provide military families access to critical benefits, running bug bounty programs to identify vulnerabilities and better secure defense systems ...
Product Manager
Washington, DC · On-site
Projects include reforming digital services that provide military families access to critical benefits, running bug bounty programs to identify vulnerabilities and better secure defense systems ...
Projects include reforming digital services that provide military families access to critical benefits, running bug bounty programs to identify vulnerabilities and better secure defense systems ...
Projects include reforming digital services that provide military families access to critical benefits, running bug bounty programs to identify vulnerabilities and better secure defense systems ...
Entry Level Bug Bounty Program information
See salary details
$16.35 - $22.01
6% of jobs
$22.01 - $27.67
14% of jobs
$31.30 is the 25th percentile. Wages below this are outliers.
$27.67 - $33.33
7% of jobs
$33.33 - $38.99
1% of jobs
$38.99 - $44.65
13% of jobs
The median wage is $47.88 / hr.
$44.65 - $50.31
15% of jobs
$50.31 - $55.97
3% of jobs
$55.97 - $61.63
9% of jobs
$65.30 is the 75th percentile. Wages above this are outliers.
$61.63 - $67.29
11% of jobs
$67.29 - $72.95
15% of jobs
$72.95 - $78.61
6% of jobs
$16
$49
$78
How much do entry level bug bounty program jobs pay per hour?
As of Jun 15, 2026, the average hourly pay for entry level bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.
What is the difference between Entry Level Bug Bounty Program vs Entry Level Penetration Tester?
| Aspect | Entry Level Bug Bounty Program | Entry Level Penetration Tester |
|---|---|---|
| Credentials | Basic cybersecurity knowledge, certifications like CompTIA Security+ | Similar certifications, possibly more technical training |
| Work Environment | Remote, freelance, or platform-based | Often in-house or consulting firms, some remote options |
| Industry Usage | Widely used in tech and cybersecurity sectors | Common in security consulting and IT firms |
| Search & Comparison Intent | Focus on crowdsourced vulnerability discovery | Focus on simulated or real-world security testing |
While both roles involve cybersecurity skills, an Entry Level Bug Bounty Program typically involves participating in online platforms to find vulnerabilities remotely, often on a freelance basis. An Entry Level Penetration Tester conducts more structured security assessments, often within organizations or consulting firms. Both require foundational cybersecurity knowledge, but their work environments and approaches differ significantly.
Will Facebook pay $500 if you find a bug in their code?
As an entry level bug bounty program participant, Facebook's bug bounty rewards vary depending on the severity and impact of the vulnerability discovered. While some bugs may be rewarded with hundreds or thousands of dollars, there is no fixed $500 payout for all bugs, and rewards are determined by Facebook's security team based on the quality of the report. Participants should review Facebook's bug bounty program guidelines on platforms like HackerOne for specific payout details.
How to start a career in bug bounty?
To start a career in bug bounty programs, learn cybersecurity fundamentals, web and application security, and familiarize yourself with common vulnerabilities like those listed in the OWASP Top Ten. Develop skills in using tools such as Burp Suite, Wireshark, and vulnerability scanners, and participate in platforms like HackerOne or Bugcrowd to practice and build a reputation. Earning relevant certifications like the OSCP or CEH can also enhance your credibility in the field.
How to get started with bug bounty programs?
To get started with bug bounty programs as an entry-level security researcher, familiarize yourself with common web vulnerabilities such as SQL injection and cross-site scripting, and learn to use tools like Burp Suite and OWASP ZAP. Review program rules on platforms like HackerOne or Bugcrowd, and practice testing on intentionally vulnerable applications to build skills and understanding of responsible disclosure.
How much can a beginner earn from bug bounty?
Entry level bug bounty hunters can earn from a few hundred to several thousand dollars per bug, depending on the severity and impact of the vulnerability. Beginners typically start with smaller payouts but can increase earnings as they gain skills, experience, and reputation in the bug bounty community. Consistent participation and knowledge of security tools improve earning potential over time.
More about Entry Level Bug Bounty Program jobs
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Entry Level Bug Bounty Program jobs? States with the most job openings for Entry Level Bug Bounty Program jobs include:
What job categories do people searching Entry Level Bug Bounty Program jobs look for? The top searched job categories for Entry Level Bug Bounty Program jobs are:
Job description
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
About Stripe
Sourced by ZipRecruiter
Industry
Software development
Company size
1,001 - 5,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2010