1

Freelance Bug Bounty Program Jobs (NOW HIRING)

Technical Program Manager, Bug Bounty

Seattle, WA · On-site

$146K - $190K/yr

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Technical Program Manager, Bug Bounty

Seattle, WA · On-site

$146K - $190K/yr

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Technical Program Manager, Bug Bounty

Seattle, WA · On-site

$146K - $190K/yr

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...

Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...

Senior Vulnerability Engineer

$117K - $160K/yr

You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.

next page

Showing results 1-20

Freelance Bug Bounty Program information

See salary details

$9

$22

$68

How much do freelance bug bounty program jobs pay per hour?

As of Jul 5, 2026, the average hourly pay for freelance bug bounty program in the United States is $22.97, according to ZipRecruiter salary data. Most workers in this role earn between $18.75 and $18.75 per hour, depending on experience, location, and employer.

What are freelance bug bounty programs?

Freelance bug bounty programs are initiatives run by companies or platforms that invite independent security researchers—often called ethical hackers—to identify and report vulnerabilities in their software or systems. Participants work on a freelance basis, choosing which programs to join and which vulnerabilities to hunt for, and are typically rewarded with monetary payouts or recognition for valid findings. This model helps organizations discover and fix security issues before they can be exploited maliciously, while providing freelancers with income and experience in cybersecurity. Anyone with the necessary skills can participate, making it a flexible career or side job for security enthusiasts.

What companies pay bug bounties?

Many technology companies, including Google, Microsoft, Facebook, Apple, and Uber, run bug bounty programs that pay security researchers for discovering vulnerabilities. These programs are often hosted on platforms like HackerOne and Bugcrowr, and they typically offer rewards based on the severity of the findings and the quality of reports. Participating as a freelance bug bounty hunter requires skills in security testing, knowledge of bug bounty platforms, and adherence to program rules.

Will Facebook pay $500 if you find a bug in their code?

As a freelance bug bounty hunter, you can earn rewards like $500 or more for discovering valid security vulnerabilities in Facebook's code through their bug bounty program. Payment amounts vary depending on the severity and impact of the bug, and participating requires following the program's rules and submitting detailed reports. Successful hunters often use skills in security testing tools and adhere to responsible disclosure practices.

What are the key skills and qualifications needed to thrive as a Freelance Bug Bounty Hunter, and why are they important?

To thrive as a Freelance Bug Bounty Hunter, you need a solid understanding of web application security, programming/scripting languages, and vulnerability assessment methodologies—often demonstrated by hands-on experience or certifications like OSCP. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential for effective testing and reporting. Standout soft skills include analytical thinking, persistence, attention to detail, and clear written communication for submitting thorough vulnerability reports. These skills are crucial for identifying and responsibly disclosing security flaws, earning rewards, and building a strong reputation in the cybersecurity community.

What are some common challenges faced by freelancers participating in bug bounty programs, and how can they be overcome?

Freelancers in bug bounty programs often face challenges such as intense competition from other researchers, staying updated with the latest security vulnerabilities, and navigating varying program rules. To overcome these, it's important to continually hone your technical skills, engage with the security community for knowledge sharing, and thoroughly review each program's scope and guidelines before submitting reports. Building a reputation for high-quality, well-documented submissions can also help you stand out and secure more consistent rewards.

What is the difference between Freelance Bug Bounty Program vs Freelance Penetration Tester?

AspectFreelance Bug Bounty ProgramFreelance Penetration Tester
CredentialsKnowledge of security testing, bug reportingCertifications like OSCP, CEH, CISSP often preferred
Work EnvironmentRemote, project-based, online platformsRemote or on-site, client-specific engagements
Industry UsageTech companies, cybersecurity platformsConsulting firms, corporate security teams
Search & Comparison IntentFocus on bug bounty programs, online testingFocus on security assessments, penetration testing

While both roles involve security testing, Freelance Bug Bounty Programs primarily focus on identifying vulnerabilities through online platforms and reporting bugs, often without formal certifications. Freelance Penetration Testers conduct comprehensive security assessments, often requiring certifications and on-site work. The choice depends on your skills, certifications, and preferred work environment.

How much do freelance bug bounty hunters make?

Freelance bug bounty hunters can earn from a few hundred to several thousand dollars per bug, with top earners making over $100,000 annually by identifying critical vulnerabilities. Earnings depend on the severity of the bugs found, the scope of the program, and the hunter's skills and experience.

How much does Amazon pay for bug bounty?

Amazon's bug bounty program, through its AWS and other platforms, offers rewards that can range from a few hundred to tens of thousands of dollars for critical vulnerabilities. The payout depends on the severity and impact of the security issue, with high-severity bugs typically earning higher rewards. Bug bounty hunters often use skills in security testing, reverse engineering, and vulnerability research to participate effectively.
More about Freelance Bug Bounty Program jobs
What cities are hiring for Freelance Bug Bounty Program jobs? Cities with the most Freelance Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Freelance Bug Bounty Program jobs? States with the most job openings for Freelance Bug Bounty Program jobs include:
What job categories do people searching Freelance Bug Bounty Program jobs look for? The top searched job categories for Freelance Bug Bounty Program jobs are:
Infographic showing various Freelance Bug Bounty Program job openings in the United States as of June 2026, with employment types broken down into 81% Full Time, and 19% Part Time. Highlights an 77% Physical, 2% Hybrid, and 21% Remote job distribution, with an average salary of $47,772 per year, or $23 per hour.
Technical Program Manager, Bug Bounty

Technical Program Manager, Bug Bounty

Amazon

Seattle, WA • On-site

$146K - $190K/yr

Full-time

Posted 13 days ago


Amazon rating

7.4

Company rating: 7.4 out of 10

Based on 6,925 frontline employees who took The Breakroom Quiz

6th of 39 rated national retailers


Job description

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex, cross-functional programs that improve how we identify, triage, and resolve externally reported security vulnerabilities. You'll work across engineering, security, and business teams to improve processes, remove roadblocks, and ensure researchers have the access and support they need to help raise our security bar.
You'll partner with internal teams to close vulnerabilities quickly and effectively, and you'll help shape the future of how Amazon engages with the global security research community

This is a fast-paced, high-impact role that requires strong ownership, sound judgment, and the ability to dive deep into technical problems while keeping stakeholders aligned.
Key job responsibilities
- Lead technical programs that improve how Amazon responds to externally reported vulnerabilities
- Define and scale internal processes for vulnerability intake, triage, and resolution
- Build durable solutions that reduce repeat issues through automation, better tooling, and improved service team accountability
- Collaborate with partner teams to improve test account support and ensure researchers have the access they need to test securely and effectively
- Communicate clearly and regularly with senior leaders, engineering teams, and external researchers
- Own the long-term roadmap for specific areas of the Bug Bounty program and influence the broader team strategy
A day in the life
You will spend most days working with engineers, builder teams, and partner teams to improve how we handle bug bounty findings. You might be mapping out a plan to improve processes, coordinating across teams to roll out new tools, or identifying where we need better support for internal owners. Some days will focus on clearing blockers and aligning stakeholders

Others will focus on building the right systems to scale the program as Amazon grows.
About the team
The Bug Bounty team helps protect Amazon and its customers by working with external security researchers who report vulnerabilities in our public-facing services. We partner with security engineers and builder teams across the company to investigate findings, improve our response processes, and build systems that scale. Our mission is to raise the security bar across Amazon by learning from every bug

We value clear thinking, sound judgment, and strong ownership, and we work every day to make Amazon more secure for customers around the world.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences

Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness

Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture

When we feel supported in the workplace and at home, there's nothing we can't achieve.


What Amazon employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom


Amazon logo

About Amazon

Sourced by ZipRecruiter

Amazon.com, Inc., commonly known as Amazon, is an American multinational technology company. It was founded by Jeff Bezos in 1994 and initially started as an online marketplace for books. Since then, Amazon has expanded its operations and become one of the largest e-commerce companies in the world. Amazon's primary business is its online retail platform, where customers can purchase a vast array of products, including electronics, clothing, books, home goods, and much more. The company offers a convenient and user-friendly shopping experience, with features such as fast shipping, customer reviews, and personalized recommendations. In addition to its e-commerce platform, Amazon has diversified its business into various other areas. One of its notable ventures is Amazon Web Services (AWS), a comprehensive cloud computing platform that provides services such as storage, compute power, and database management to individuals and businesses. AWS has become a leader in the cloud computing industry, powering many websites and applications worldwide. Amazon has also developed its own consumer electronics, including the popular Amazon Kindle e-reader, Fire tablets, Fire TV streaming devices, and the Alexa-powered Echo smart speakers. The Alexa voice assistant, integrated into these devices, allows users to interact with their devices using voice commands, perform tasks, and access information. Furthermore, Amazon has expanded into media and entertainment. It operates Prime Video, a streaming service that offers a wide range of movies, TV shows, and original content. Amazon Music provides a platform for streaming and purchasing digital music, while Audible offers audiobooks and other audio content. The company's commitment to customer satisfaction and convenience is demonstrated by its membership program, Amazon Prime. Prime members receive various benefits, including free two-day shipping, access to streaming services, exclusive deals, and more.

Industry

It services, book publishers, retail, real estate and computer and electronic product manufacturing

Company size

10,000+ Employees

Headquarters location

Seattle, WA, US