Freelance Bug Bounty Program Jobs (NOW HIRING)

Senior Security Engineer - Automation

$117K - $160K/yr

We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...

Senior Cybersecurity Engineer

Houston, TX · On-site

$105K - $145K/yr

Provide application security guidance and support the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. * Evaluate AI-powered tools and ...

SOC Engineer

Foster City, CA · On-site

$180K - $250K/yr

Experience working with bug bounty programs or coordinated vulnerability disclosure workflows. * Experience in fast-paced, cloud-native, or AI/ML-driven environments. What We Value * Curiosity ...

Create and operate a bug bounty program * Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties * Collaborate with the CISO and security team to grow ...

CNO Developer

Chantilly, VA · On-site

$129K - $177K/yr

Desire to contribute to CTF events, bug bounty programs, and speaking at the security conferences * Rapid Prototype Software Development Security Clearance: * Active TS/SCI level clearance. Must be ...

Experience managing cross-functional, large-scale technical security programs, including the Security Vulnerability Program, Security Exceptions Program, and Bug Bounty Program * Familiar with ...

AppSec SME

$60.25 - $80.25/hr

Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of ... Manage the program and communicate with client team * Identify, manage risks and provide risks ...

Freelance Bug Bounty Program information

How much do freelance bug bounty program jobs pay per hour?

As of Jun 14, 2026, the average hourly pay for freelance bug bounty program jobs in the United States is $22.97, according to ZipRecruiter salary data. Most workers in this role earn between $18.75 and $18.75 per hour, depending on experience, location, and employer.

How much will Apple pay you if you find a bug?

As a bug bounty hunter participating in Apple's bug bounty program, rewards can range from a few thousand dollars to over $100,000 for critical vulnerabilities. The payout depends on the severity and impact of the bug, with Apple offering higher rewards for more significant security flaws. Participants typically need technical skills, knowledge of security testing, and adherence to program rules to qualify for payments.

What are freelance bug bounty programs?

Freelance bug bounty programs are initiatives run by companies or platforms that invite independent security researchers—often called ethical hackers—to identify and report vulnerabilities in their software or systems. Participants work on a freelance basis, choosing which programs to join and which vulnerabilities to hunt for, and are typically rewarded with monetary payouts or recognition for valid findings. This model helps organizations discover and fix security issues before they can be exploited maliciously, while providing freelancers with income and experience in cybersecurity. Anyone with the necessary skills can participate, making it a flexible career or side job for security enthusiasts.

Will Facebook pay $500 if you find a bug in their code?

As a freelance bug bounty hunter, you can earn rewards like $500 or more for discovering valid security vulnerabilities in Facebook's code through their bug bounty program. Payment amounts vary depending on the severity and impact of the bug, and participating requires following specific submission guidelines and having technical skills in security testing. Not all bugs qualify for rewards, and programs often have minimum payout thresholds.

What are the key skills and qualifications needed to thrive as a Freelance Bug Bounty Hunter, and why are they important?

To thrive as a Freelance Bug Bounty Hunter, you need a solid understanding of web application security, programming/scripting languages, and vulnerability assessment methodologies—often demonstrated by hands-on experience or certifications like OSCP. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential for effective testing and reporting. Standout soft skills include analytical thinking, persistence, attention to detail, and clear written communication for submitting thorough vulnerability reports. These skills are crucial for identifying and responsibly disclosing security flaws, earning rewards, and building a strong reputation in the cybersecurity community.

What are some common challenges faced by freelancers participating in bug bounty programs, and how can they be overcome?

Freelancers in bug bounty programs often face challenges such as intense competition from other researchers, staying updated with the latest security vulnerabilities, and navigating varying program rules. To overcome these, it's important to continually hone your technical skills, engage with the security community for knowledge sharing, and thoroughly review each program's scope and guidelines before submitting reports. Building a reputation for high-quality, well-documented submissions can also help you stand out and secure more consistent rewards.

What is the difference between Freelance Bug Bounty Program vs Freelance Penetration Tester?

| Aspect | Freelance Bug Bounty Program | Freelance Penetration Tester |
| --- | --- | --- |
| Credentials | Knowledge of security testing, bug reporting | Certifications like OSCP, CEH, CISSP often preferred |
| Work Environment | Remote, project-based, online platforms | Remote or on-site, client-specific engagements |
| Industry Usage | Tech companies, cybersecurity platforms | Consulting firms, corporate security teams |
| Search & Comparison Intent | Focus on bug bounty programs, online testing | Focus on security assessments, penetration testing |

While both roles involve security testing, Freelance Bug Bounty Programs primarily focus on identifying vulnerabilities through online platforms and reporting bugs, often without formal certifications. Freelance Penetration Testers conduct comprehensive security assessments, often requiring certifications and on-site work. The choice depends on your skills, certifications, and preferred work environment.

In what states is it illegal to bounty hunt?

The legality of bounty hunting varies by state, and some states have restrictions or require licensing for activities related to bounty hunting or similar security roles. Freelance bug bounty programs generally operate online and are not restricted by state laws, but participants should ensure they comply with local regulations regarding cybersecurity and ethical hacking. It is advisable to review specific state laws and obtain any necessary permissions before engaging in such activities.

Will AI replace bug bounty?

The role of a bug bounty hunter involves identifying security vulnerabilities in software, which requires human expertise, creativity, and understanding of complex systems. While AI tools can assist in automating certain testing processes, they are unlikely to fully replace the critical thinking and nuanced analysis performed by skilled bug bounty hunters. Instead, AI is expected to serve as a complementary tool to enhance efficiency and coverage in security assessments.

Principal Product Security Engineer

SoundCloud

New York, NY • On-site

$190K - $220K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 27 days ago


Job description

SoundCloud empowers artists and fans to connect and share through music. Founded in 2007, SoundCloud is an artist-first platform empowering artists to build and grow their careers by providing them with the most progressive tools, services, and resources. With over 400+ million tracks from 40 million artists, the future of music is SoundCloud.
We are looking for a Principal Product Security Engineer to join our Security team!
As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities in our products and services. You will advocate and shape security best practices across SoundCloud's Engineering, Product, and Design ("EPD") organization. This position offers a unique opportunity to play a direct, pivotal role in safeguarding our products against emerging cyber threats to our platform, artists and creators, and listeners and fans.
Key Responsibilities:
  • Identify security anti-patterns in our codebases and architecture and drive cross-functional initiatives to systemically address them
  • Help guide our Engineering and Product teams around the safe and responsible use of agentic AI in our products and Software Development Lifecycle (SDLC)
  • Drive efforts to automate the security of our SDLC, including our CI/CD pipelines
  • Secure our AWS, GCP, and on-prem infrastructure through implementing proper access control and guardrails
  • Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities
  • Define, implement, and oversee processes and policies in our Vulnerability Management Program
  • Triage and drive to remediation submissions from our external bug bounty program
  • Participate in our security incident response process
  • Make recommendations to external teams and stakeholders about how to improve the consumer security of our platform
  • Promote security best practices through educational initiatives such as CTFs and technical talks
  • Improve internal tooling, processes, and documentation
  • Help to define the Product Security program and team strategy
  • Mentor and onboard team members

Experience and Background:
  • 8+ years of product or application security experience, or other relevant software engineering experience
  • Deep expertise in designing secure architecture
  • Enthusiasm about collaborating with engineering and product teams to proactively address security issues in products
  • Experience conducting threat modeling exercises and secure code reviews
  • Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning)
  • Experience managing bug bounty programs
  • Familiarity with languages such as JavaScript, Go, Ruby, Python, or Scala
  • Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira)
  • Familiarity with IaC tools such as Terraform and CloudFormation
  • Ability to effectively communicate risk to technical and non-technical audiences
  • Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities
  • Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP is a plus
  • Experience with vulnerability management is a plus
  • Experience threat modelling and securing Generative AI applications & use-cases in the context of the EU AI Act is a plus
  • Experience with data governance is a plus

The salary range for this role is $190,000 - $220,000 annually. The final salary offered will be determined based on relative experience, skills, internal equity, and location. We also offer a generous total rewards program - read more about additional benefits and perks below!
About us:
  • We are a multinational company with offices in the US (New York and Los Angeles), Germany (Berlin), and the UK (London)
  • We provide a flexible work culture that offers the opportunity to collaborate and connect in person at our offices as well as accommodating work from home
  • We are deeply committed to ensuring diversity, equity and inclusion at all levels of our organization and fostering a community where everyone's voice, perspective and experience is respected and heard
  • We believe a strong team is made by investing in employees through mentorship, workshops and enrichment opportunities
Benefits:
  • Comprehensive health benefits including medical, dental, and vision plans, as well as mental health resources
  • Robust 401k program
  • Employee Equity Plan
  • Generous professional development allowance
  • Interested in a gym membership, photography course or book? We have a Creativity and Wellness benefit!
  • Flexible vacation and public holiday policy where you can take up to 35 days of PTO annually
  • 16 paid weeks for all parents (birthing and non-birthing), regardless of gender, to welcome newborns, adopted and foster children
  • Various snacks, goodies, and 2 free lunches weekly when at the office
Diversity, Equity and Inclusion at SoundCloud
SoundCloud is for everyone. Diversity and open expression are fundamental to our organization; they help us lead what's next in music by understanding and empowering our creators and fans, no matter their identity. We acknowledge the challenges in the music industry, and strive to influence an inclusive culture where everyone can contribute respectfully and thrive, especially the historically marginalized communities that many of our creators, fans and SoundClouders identify with. We are dedicated to creating an inclusive environment at SoundCloud for everyone, regardless of gender identity, sexual orientation, race, ethnicity, migration background, national origin, age, disability status, or care-giver status.
At SoundCloud you can find your community or elevate your allyship by joining a Diversity Resource Group. Diversity Resource Groups are employee-organized groups focused on supporting and promoting the interests of a particular underrepresented community in order to build a more inclusive culture at SoundCloud. Anyone can join, whether you share the identity or strive to be an ally.