2

Entry Level Bug Bounty Program Jobs in California

Hands-on experience in offensive security (eg, through bug bounty programs or CTFs) The salary range for this role is $160,000 - $240,000. The salary for this position is determined based on a ...

SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...

Analyze vendor penetration test reports, vulnerability scan results, and bug bounty program outcomes to identify residual risk exposure. * Assess vendor DevSecOps maturity, including secure SDLC ...

... bug bounty programs, or internal testing • Contribute to maintaining documentation for secure ... Experience with security testing tools * Entry-level certifications such as Security+, eJPT, or ...

Apply Early

Application Security Engineer

Long Beach, CA · On-site +1

$108K - $140K/yr

... bug bounty programs, or internal testing • Contribute to maintaining documentation for secure ... Experience with security testing tools * Entry-level certifications such as Security+, eJPT, or ...

Entry Level Bug Bounty Program information

What is the difference between Entry Level Bug Bounty Program vs Entry Level Penetration Tester?

AspectEntry Level Bug Bounty ProgramEntry Level Penetration Tester
CredentialsBasic cybersecurity knowledge, certifications like CompTIA Security+Similar certifications, possibly more technical training
Work EnvironmentRemote, freelance, or platform-basedOften in-house or consulting firms, some remote options
Industry UsageWidely used in tech and cybersecurity sectorsCommon in security consulting and IT firms
Search & Comparison IntentFocus on crowdsourced vulnerability discoveryFocus on simulated or real-world security testing

While both roles involve cybersecurity skills, an Entry Level Bug Bounty Program typically involves participating in online platforms to find vulnerabilities remotely, often on a freelance basis. An Entry Level Penetration Tester conducts more structured security assessments, often within organizations or consulting firms. Both require foundational cybersecurity knowledge, but their work environments and approaches differ significantly.

What does entry mean?

In the context of an entry level bug bounty program, 'entry' typically refers to the starting level of participation, suitable for individuals with limited experience in cybersecurity or bug hunting. It indicates that the program is designed for beginners and may require basic knowledge of web security, common vulnerabilities, and testing tools. Participants often do not need advanced certifications and can learn on the job while developing their skills.

What is called entry?

In the context of an entry-level bug bounty program, 'entry' refers to the starting point for individuals new to cybersecurity or bug hunting. It typically involves basic skills such as understanding web applications, using testing tools, and following program guidelines to identify security vulnerabilities. Entry-level roles often require minimal prior experience and may offer training or mentorship opportunities.

Is it entry or entery?

The correct term for starting a career in a bug bounty program is 'entry level,' not 'entery.' Entry level positions typically require minimal experience and are suitable for beginners interested in cybersecurity and bug bounty hunting. There is no job title called 'entery' in this context.

What is the synonym of entry?

In the context of an entry level bug bounty program, the synonym of 'entry' is 'beginning' or 'initial,' referring to the starting position or beginner level. These roles typically require minimal experience and focus on learning and developing skills in cybersecurity and vulnerability testing.
What are the most commonly searched types of Bug Bounty Program jobs in California? The most popular types of Bug Bounty Program jobs in California are:
What are popular job titles related to Entry Level Bug Bounty Program jobs in California? For Entry Level Bug Bounty Program jobs in California, the most frequently searched job titles are:
What job categories do people searching Entry Level Bug Bounty Program jobs in California look for? The top searched job categories for Entry Level Bug Bounty Program jobs in California are:
Product Security Engineer (PSIRT - Product Security Incident Response Team)

Product Security Engineer (PSIRT - Product Security Incident Response Team)

Replit

Foster City, CA • On-site

$180K - $325K/yr

Full-time

Medical, Dental, Vision, Life, Retirement

Posted 15 days ago


Job description

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
About the Role
We are looking for a highly skilled PSIRT Engineer to lead the vulnerability response program for Replit's cloud-native AI platform. You will own the lifecycle of security vulnerabilities affecting our products and services-from intake to validation, remediation coordination, and public disclosure.
This role requires strong technical ability to reproduce vulnerabilities, deep understanding of web/app/cloud exploit classes, and experience operating bug bounty and coordinated disclosure programs. You will work closely with Engineering, Cloud Security, SecOps, SRE, and IT teams to ensure vulnerabilities are fixed quickly and communicated responsibly.
What You'll Do
Vulnerability Intake, Triage & Validation
  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
  • Independently validate, reproduce, severity-score, and document findings.
  • Identify duplicates and maintain a clean vulnerability records pipeline.
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (Oauth, OIDC).
Remediation Coordination & SLA Management
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
  • Track SLAs, remediation progress, regression testing, and systemic improvements.
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.
Bug Bounty & Vulnerability Disclosure Program Management
  • Design and evolve the bug bounty program, including scope, rules, and reward structures.
  • Manage platform selection, private vs. public launches, and community engagement.
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
  • Determine reward payouts, bonus decisions, and recognition for top contributors.
Coordinated Disclosure & CVE Management
  • Lead the coordinated vulnerability disclosure process for internal and external findings.
  • Negotiate disclosure timelines with researchers and partners.
  • Coordinate CVE assignments and publications, and prepare customer/public advisories.

Required Skills
  • Experience running or triaging for bug bounty programs (HackerOne ideally).
  • Strong ability to triage, validate, and reproduce vulnerabilities independently.
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.

Nice to Have
  • Scripting or automation experience (Python, Go, Bash).
  • Pentesting background or exposure to offensive security work.
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
  • Experience authoring public advisories or CVE writeups.
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
401(k) Program with a 4% match (US Only)
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Flexible Time Off (FTO) + Holidays
Commuter Benefits (In-Office Only)
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement (In-Office Only)
Quarterly Team Gatherings
In Office Amenities (In-Office Only)
Want to learn more about what we are up to?
  • Meet the Replit Agent
  • Replit: Make an app for that
  • Replit Blog
  • Amjad TED Talk

Interviewing + Culture at Replit
  • Operating Principles
  • Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.