1

Freelance Bug Bounty Program Jobs (NOW HIRING)

Application Security Engineer

$60.25 - $80.25/hr

Triage vulnerabilities from the bug bounty program, collaborating with external researchers and internal engineering teams to resolve discovered flaws. * Collaborate with Dev/QA teams throughout the ...

Senior Product Security Engineer

$117K - $160K/yr

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...

... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...

... bug bounty program Company : Rippling is a workforce management platform that unifies HR, IT, and finance operations into a single system. Founded in 2016, the company is headquartered in San ...

Senior Product Security Engineer

Seattle, WA · On-site

$130K - $178K/yr

... bug bounty program Company : Rippling is a workforce management platform that unifies HR, IT, and finance operations into a single system. Founded in 2016, the company is headquartered in San ...

... bug bounty program Company : Rippling is a workforce management platform that unifies HR, IT, and finance operations into a single system. Founded in 2016, the company is headquartered in San ...

Background in bug bounty programs or red teaming * Familiarity with AI or machine learning ... Freelance perks: autonomy, variety, and global collaboration * Make a meaningful impact on how AI ...

Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions

Senior Product Security Engineer

Manhattan, NY · On-site

$126K - $172K/yr

... bug bounty program Company : Rippling is a workforce management platform that unifies HR, IT, and finance operations into a single system. Founded in 2016, the company is headquartered in San ...

Senior Product Security Engineer

San Francisco, CA · On-site

$134K - $185K/yr

... bug bounty program Company : Rippling is a workforce management platform that unifies HR, IT, and finance operations into a single system. Founded in 2016, the company is headquartered in San ...

next page

Showing results 1-20

Freelance Bug Bounty Program information

See salary details

$9

$22

$68

How much do freelance bug bounty program jobs pay per hour?

As of Jul 5, 2026, the average hourly pay for freelance bug bounty program in the United States is $22.97, according to ZipRecruiter salary data. Most workers in this role earn between $18.75 and $18.75 per hour, depending on experience, location, and employer.

What are freelance bug bounty programs?

Freelance bug bounty programs are initiatives run by companies or platforms that invite independent security researchers—often called ethical hackers—to identify and report vulnerabilities in their software or systems. Participants work on a freelance basis, choosing which programs to join and which vulnerabilities to hunt for, and are typically rewarded with monetary payouts or recognition for valid findings. This model helps organizations discover and fix security issues before they can be exploited maliciously, while providing freelancers with income and experience in cybersecurity. Anyone with the necessary skills can participate, making it a flexible career or side job for security enthusiasts.

What companies pay bug bounties?

Many technology companies, including Google, Microsoft, Facebook, Apple, and Uber, run bug bounty programs that pay security researchers for discovering vulnerabilities. These programs are often hosted on platforms like HackerOne and Bugcrowr, and they typically offer rewards based on the severity of the findings and the quality of reports. Participating as a freelance bug bounty hunter requires skills in security testing, knowledge of bug bounty platforms, and adherence to program rules.

Will Facebook pay $500 if you find a bug in their code?

As a freelance bug bounty hunter, you can earn rewards like $500 or more for discovering valid security vulnerabilities in Facebook's code through their bug bounty program. Payment amounts vary depending on the severity and impact of the bug, and participating requires following the program's rules and submitting detailed reports. Successful hunters often use skills in security testing tools and adhere to responsible disclosure practices.

What are the key skills and qualifications needed to thrive as a Freelance Bug Bounty Hunter, and why are they important?

To thrive as a Freelance Bug Bounty Hunter, you need a solid understanding of web application security, programming/scripting languages, and vulnerability assessment methodologies—often demonstrated by hands-on experience or certifications like OSCP. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential for effective testing and reporting. Standout soft skills include analytical thinking, persistence, attention to detail, and clear written communication for submitting thorough vulnerability reports. These skills are crucial for identifying and responsibly disclosing security flaws, earning rewards, and building a strong reputation in the cybersecurity community.

What are some common challenges faced by freelancers participating in bug bounty programs, and how can they be overcome?

Freelancers in bug bounty programs often face challenges such as intense competition from other researchers, staying updated with the latest security vulnerabilities, and navigating varying program rules. To overcome these, it's important to continually hone your technical skills, engage with the security community for knowledge sharing, and thoroughly review each program's scope and guidelines before submitting reports. Building a reputation for high-quality, well-documented submissions can also help you stand out and secure more consistent rewards.

What is the difference between Freelance Bug Bounty Program vs Freelance Penetration Tester?

AspectFreelance Bug Bounty ProgramFreelance Penetration Tester
CredentialsKnowledge of security testing, bug reportingCertifications like OSCP, CEH, CISSP often preferred
Work EnvironmentRemote, project-based, online platformsRemote or on-site, client-specific engagements
Industry UsageTech companies, cybersecurity platformsConsulting firms, corporate security teams
Search & Comparison IntentFocus on bug bounty programs, online testingFocus on security assessments, penetration testing

While both roles involve security testing, Freelance Bug Bounty Programs primarily focus on identifying vulnerabilities through online platforms and reporting bugs, often without formal certifications. Freelance Penetration Testers conduct comprehensive security assessments, often requiring certifications and on-site work. The choice depends on your skills, certifications, and preferred work environment.

How much do freelance bug bounty hunters make?

Freelance bug bounty hunters can earn from a few hundred to several thousand dollars per bug, with top earners making over $100,000 annually by identifying critical vulnerabilities. Earnings depend on the severity of the bugs found, the scope of the program, and the hunter's skills and experience.

How much does Amazon pay for bug bounty?

Amazon's bug bounty program, through its AWS and other platforms, offers rewards that can range from a few hundred to tens of thousands of dollars for critical vulnerabilities. The payout depends on the severity and impact of the security issue, with high-severity bugs typically earning higher rewards. Bug bounty hunters often use skills in security testing, reverse engineering, and vulnerability research to participate effectively.
More about Freelance Bug Bounty Program jobs
What cities are hiring for Freelance Bug Bounty Program jobs? Cities with the most Freelance Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Freelance Bug Bounty Program jobs? States with the most job openings for Freelance Bug Bounty Program jobs include:
What job categories do people searching Freelance Bug Bounty Program jobs look for? The top searched job categories for Freelance Bug Bounty Program jobs are:
Infographic showing various Freelance Bug Bounty Program job openings in the United States as of June 2026, with employment types broken down into 81% Full Time, and 19% Part Time. Highlights an 77% Physical, 2% Hybrid, and 21% Remote job distribution, with an average salary of $47,772 per year, or $23 per hour.
Vulnerability Response Manager - Apple Information Security

Vulnerability Response Manager - Apple Information Security

Apple

Austin, TX

$212K - $319K/yr

Full-time

Medical, Dental, Retirement

Posted 4 days ago


Apple rating

8.1

Company rating: 8.1 out of 10

Based on 666 frontline employees who took The Breakroom Quiz

5th of 30 rated technology retailers


Job description

Apple Information Security is seeking an experienced security engineering manager to lead the Vulnerability Response team across the United States and EMEIA regions. Apple's external perimeter spans thousands of services relied upon by billions of users worldwide, and this team is responsible for continuously identifying, analyzing, and remediating vulnerabilities across that surface. You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule development, emerging threat response, and custom security
tooling.
You will play a critical role in protecting Apple's services and customers by ensuring timely and thorough response to security risks, fostering engineering excellence, and driving strategic initiatives that strengthen Apple's overall security posture. This role is both strategic and operational, requiring deep technical expertise, strong leadership, and the ability to manage a geographically distributed team operating in a continuous response environment.
Description
As a manager on the Vulnerability Response team, you will lead the day-to-day operations of security engineers across the US and EMEIA regions, as well as oversee resources providing around-the-clock support. You will set team priorities, drive execution across multiple concurrent programs, and ensure operational continuity for a function that requires uninterrupted coverage. This includes direct participation in on-call escalation rotations, hands-on technical contributions such as penetration testing, variant analysis, security tool development, and strategic planning to evolve the team's capabilities over time.
You will partner closely with teams across Apple to ensure coordinated and effective vulnerability response. You will represent the team in cross-functional forums, advocate for security improvements with engineering leadership, and contribute to the development of policies, processes, and tooling that scale the team's impact. You will also maintain the professional standards and reputation through oversight of researcher engagement,
vulnerability adjudication, and program communications.","responsibilities":"Team Leadership: Lead, mentor, and grow a geographically distributed team of security engineers across the US and EMEIA regions. Set goals, support professional development, and oversee resources providing around-the-clock Tier 1 support.
Vulnerability Response Operations: Own the team's continuous vulnerability response function, including on-call escalation, emerging threat and zero-day assessment, and coordination of rapid remediation efforts across Apple's external perimeter.
Vulnerability Discovery and Remediation: Drive proactive security assessment programs, including penetration testing, variant analysis, and large-scale scanning initiatives, to identify and remediate vulnerabilities before they are discovered or exploited by external parties.
Security Program Management: Manage the lifecycle of external researcher engagement, report validation, risk assessment, and remediation coordination.
Security Tooling and Automation: Guide the development and maintenance of custom security tools and automation that support vulnerability detection, analysis, and remediation tracking at scale, including the application of emerging technologies to increase operational efficiency.
Cross-Functional Collaboration: Serve as a trusted security advisor to engineering, product, and leadership teams, partnering across security and infrastructure organizations to align vulnerability response priorities with broader security objectives and drive adoption of security improvements.
Preferred Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
Experience with cloud-native architectures, WAF technologies, and DNS security disciplines, with the ability to assess security implications across modern deployment and infrastructure environments.
Background in applying AI and machine learning techniques to security operations, including automated analysis, classification, or remediation workflows.
Relevant industry certifications such as CISSP, OSCP, OSCE, GPEN, or equivalent are helpful but not required.
Minimum Qualifications
8+ years of experience in information security, with demonstrated expertise in vulnerability management, web application penetration testing, and incident response for large-scale internet-facing services, including 3+ years of people management experience leading and developing teams of security engineers.
Strong technical proficiency in web application security, including hands-on experience identifying and remediating common vulnerability classes, and software development skills in one or more of Python, Go, or Bash.
Experience managing or contributing to a vulnerability disclosure or bug bounty program, including researcher engagement, vulnerability validation, and coordinated disclosure processes.
Experience with vulnerability scanning tools and methodologies at enterprise scale, including both commercial and open-source solutions.
Demonstrated ability to manage geographically distributed teams across multiple time zones, with willingness to participate in on-call rotations, including weekends, as part of a tiered escalation model.
Excellent written and verbal communication skills, with the ability to articulate complex security issues and risk to both technical and non-technical audiences.
Pay & Benefits
At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $212,600 and $319,800, and your base pay will depend on your skills, qualifications, experience, and location.
Apple employees also have the opportunity to become an Apple shareholder through participation in Apple's discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple's Employee Stock Purchase Plan. You'll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses - including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits
Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.

What Apple employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom


Apple logo

About Apple

Sourced by ZipRecruiter

Imagine what you could do here! At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. Dynamic, intelligent people and inspiring, innovative technologies are the norm here. The people who work here have reinvented entire industries with all Apple Hardware products. The same real passion for innovation that goes into our products also applies to our practices strengthening our dedication to leave the world better than we found it.

Industry

Computer and electronic product manufacturing

Company size

10,000+ Employees

Headquarters location

Cupertino, CA, US

Year founded

1976