The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...
The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Bug Bounty & Vulnerability Disclosure Program Management * Design and evolve the bug bounty program, including scope, rules, and reward structures. * Manage platform selection, private vs. public ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Bug Bounty & Vulnerability Disclosure Program Management * Design and evolve the bug bounty program, including scope, rules, and reward structures. * Manage platform selection, private vs. public ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Senior Product Security Engineer
OR · On-site +1
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Senior Product Security Engineer
OR · On-site +1
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Senior Vulnerability Engineer
$117K - $160K/yr
You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.
Senior Vulnerability Engineer
$117K - $160K/yr
You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Vulnerability Response Manager - Apple Information Security
Austin, TX · On-site
$208K - $313K/yr
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Vulnerability Response Manager - Apple Information Security
Austin, TX · On-site
$208K - $313K/yr
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Vulnerability Response Manager - Apple Information Security
Austin, TX · On-site
$208K - $313K/yr
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Vulnerability Response Manager - Apple Information Security
Austin, TX · On-site
$208K - $313K/yr
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Senior Product Security Engineer
$117K - $160K/yr
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Senior Product Security Engineer
$117K - $160K/yr
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Partner cross-functionally with Product Engineering, Legal, Security Engineering Platform, Data teams and XFN partners to execute rigorous, agent enabled cross-brand Bug Bounty Program, Penetration ...
Partner cross-functionally with Product Engineering, Legal, Security Engineering Platform, Data teams and XFN partners to execute rigorous, agent enabled cross-brand Bug Bounty Program, Penetration ...
Senior Application Security Engineer (Offensive / Red Team)
$117K - $160K/yr
Bug Bounty Program Management: Manage the bug bounty program end to end - triage, impact assessment, risk scoring (CVSS), locating vulnerable code, providing mitigation guidance, thorough re-testing ...
Senior Application Security Engineer (Offensive / Red Team)
$117K - $160K/yr
Bug Bounty Program Management: Manage the bug bounty program end to end - triage, impact assessment, risk scoring (CVSS), locating vulnerable code, providing mitigation guidance, thorough re-testing ...
Head of Security
San Francisco, CA · On-site
... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...
Head of Security
San Francisco, CA · On-site
... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$109K - $149K/yr
... the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. • Evaluate AI-powered tools and agentic AI platforms from a security perspective ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$109K - $149K/yr
... the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. • Evaluate AI-powered tools and agentic AI platforms from a security perspective ...
Penetration Tester
San Francisco, CA · On-site
Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions
Quick apply
Penetration Tester
San Francisco, CA · On-site
Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in our security incident response process * Make recommendations to external teams and stakeholders ...
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in our security incident response process * Make recommendations to external teams and stakeholders ...
Senior Security Engineer - Automation
OR · Remote
$117K - $160K/yr
We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...
Quick apply
Senior Security Engineer - Automation
OR · Remote
$117K - $160K/yr
We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...
Freelance Bug Bounty Program information
See salary details
$9.38 - $14.79
1% of jobs
$16.15 is the 25th percentile. Wages below this are outliers.
$14.79 - $20.21
96% of jobs
$20.21 - $25.63
2% of jobs
$25.63 - $31.05
0% of jobs
$31.05 - $36.47
1% of jobs
$36.47 - $41.89
0% of jobs
$41.89 - $47.31
0% of jobs
$47.31 - $52.73
0% of jobs
$52.73 - $58.15
0% of jobs
$58.15 - $63.57
0% of jobs
$63.57 - $68.99
0% of jobs
$9
$22
$68
How much do freelance bug bounty program jobs pay per hour?
As of Jun 14, 2026, the average hourly pay for freelance bug bounty program in the United States is $22.97, according to ZipRecruiter salary data. Most workers in this role earn between $18.75 and $18.75 per hour, depending on experience, location, and employer.
How much will Apple pay you if you find a bug?
As a bug bounty hunter participating in Apple's bug bounty program, rewards can range from a few thousand dollars to over $100,000 for critical vulnerabilities. The payout depends on the severity and impact of the bug, with Apple offering higher rewards for more significant security flaws. Participants typically need technical skills, knowledge of security testing, and adherence to program rules to qualify for payments.
What are freelance bug bounty programs?
Freelance bug bounty programs are initiatives run by companies or platforms that invite independent security researchers—often called ethical hackers—to identify and report vulnerabilities in their software or systems. Participants work on a freelance basis, choosing which programs to join and which vulnerabilities to hunt for, and are typically rewarded with monetary payouts or recognition for valid findings. This model helps organizations discover and fix security issues before they can be exploited maliciously, while providing freelancers with income and experience in cybersecurity. Anyone with the necessary skills can participate, making it a flexible career or side job for security enthusiasts.
Will Facebook pay $500 if you find a bug in their code?
As a freelance bug bounty hunter, you can earn rewards like $500 or more for discovering valid security vulnerabilities in Facebook's code through their bug bounty program. Payment amounts vary depending on the severity and impact of the bug, and participating requires following specific submission guidelines and having technical skills in security testing. Not all bugs qualify for rewards, and programs often have minimum payout thresholds.
What are the key skills and qualifications needed to thrive as a Freelance Bug Bounty Hunter, and why are they important?
To thrive as a Freelance Bug Bounty Hunter, you need a solid understanding of web application security, programming/scripting languages, and vulnerability assessment methodologies—often demonstrated by hands-on experience or certifications like OSCP. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential for effective testing and reporting. Standout soft skills include analytical thinking, persistence, attention to detail, and clear written communication for submitting thorough vulnerability reports. These skills are crucial for identifying and responsibly disclosing security flaws, earning rewards, and building a strong reputation in the cybersecurity community.
What are some common challenges faced by freelancers participating in bug bounty programs, and how can they be overcome?
Freelancers in bug bounty programs often face challenges such as intense competition from other researchers, staying updated with the latest security vulnerabilities, and navigating varying program rules. To overcome these, it's important to continually hone your technical skills, engage with the security community for knowledge sharing, and thoroughly review each program's scope and guidelines before submitting reports. Building a reputation for high-quality, well-documented submissions can also help you stand out and secure more consistent rewards.
What is the difference between Freelance Bug Bounty Program vs Freelance Penetration Tester?
| Aspect | Freelance Bug Bounty Program | Freelance Penetration Tester |
|---|---|---|
| Credentials | Knowledge of security testing, bug reporting | Certifications like OSCP, CEH, CISSP often preferred |
| Work Environment | Remote, project-based, online platforms | Remote or on-site, client-specific engagements |
| Industry Usage | Tech companies, cybersecurity platforms | Consulting firms, corporate security teams |
| Search & Comparison Intent | Focus on bug bounty programs, online testing | Focus on security assessments, penetration testing |
While both roles involve security testing, Freelance Bug Bounty Programs primarily focus on identifying vulnerabilities through online platforms and reporting bugs, often without formal certifications. Freelance Penetration Testers conduct comprehensive security assessments, often requiring certifications and on-site work. The choice depends on your skills, certifications, and preferred work environment.
In what states is it illegal to bounty hunt?
The legality of bounty hunting varies by state, and some states have restrictions or require licensing for activities related to bounty hunting or similar security roles. Freelance bug bounty programs generally operate online and are not restricted by state laws, but participants should ensure they comply with local regulations regarding cybersecurity and ethical hacking. It is advisable to review specific state laws and obtain any necessary permissions before engaging in such activities.
Will AI replace bug bounty?
The role of a bug bounty hunter involves identifying security vulnerabilities in software, which requires human expertise, creativity, and understanding of complex systems. While AI tools can assist in automating certain testing processes, they are unlikely to fully replace the critical thinking and nuanced analysis performed by skilled bug bounty hunters. Instead, AI is expected to serve as a complementary tool to enhance efficiency and coverage in security assessments.
More about Freelance Bug Bounty Program jobs
What cities are hiring for Freelance Bug Bounty Program jobs? Cities with the most Freelance Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Freelance Bug Bounty Program jobs? States with the most job openings for Freelance Bug Bounty Program jobs include:
What job categories do people searching Freelance Bug Bounty Program jobs look for? The top searched job categories for Freelance Bug Bounty Program jobs are:
Job description
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
About Stripe
Sourced by ZipRecruiter
Industry
Software development
Company size
1,001 - 5,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2010