Freelance Bug Bounty Program Jobs (NOW HIRING)

... bug bounty program Company : Rippling is a workforce management platform that unifies HR, IT, and finance operations into a single system. Founded in 2016, the company is headquartered in San ...

Staff+ Application Security Engineer

$60.25 - $80.25/hr

Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with ...

Staff+ Application Security Engineer

Seattle, WA · On-site

$67 - $89.50/hr

Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with ...

Experience with bug bounty programs, penetration testing, or secure code review * Familiarity with ... Freelance perks: autonomy, flexibility, and global collaboration * Make a meaningful contribution ...

... our bug bounty program end to end: triage, response, remediation, and researcher communication • Partner with Engineering to embed secure design patterns and security review into how we ship ...

Manage a vulnerability management program, vulnerability scanning tools and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs. * Help operate and improve ...

Application Security Engineer

Pittsburgh, PA · On-site

$57 - $76.25/hr

... Bug Bounty program, tracking and prioritizing remediation against defined SLAs. • Help operate and improve Bot Management, WAF, secrets management, and API security controls across Wolfe ...

CNO Developer

Chantilly, VA · On-site

$129K - $177K/yr

Desire to contribute to CTF events, bug bounty programs, and speaking at the security conferences * Rapid Prototype Software Development Security Clearance: * Active TS/SCI level clearance. Must be ...

Freelance Bug Bounty Program information

How much do freelance bug bounty program jobs pay per hour?

As of Jul 5, 2026, the average hourly pay for freelance bug bounty program jobs in the United States is $22.97, according to ZipRecruiter salary data. Most workers in this role earn between $18.75 and $18.75 per hour, depending on experience, location, and employer.

What are freelance bug bounty programs?

Freelance bug bounty programs are initiatives run by companies or platforms that invite independent security researchers—often called ethical hackers—to identify and report vulnerabilities in their software or systems. Participants work on a freelance basis, choosing which programs to join and which vulnerabilities to hunt for, and are typically rewarded with monetary payouts or recognition for valid findings. This model helps organizations discover and fix security issues before they can be exploited maliciously, while providing freelancers with income and experience in cybersecurity. Anyone with the necessary skills can participate, making it a flexible career or side job for security enthusiasts.

What companies pay bug bounties?

Many technology companies, including Google, Microsoft, Facebook, Apple, and Uber, run bug bounty programs that pay security researchers for discovering vulnerabilities. These programs are often hosted on platforms like HackerOne and Bugcrowd, and they typically offer rewards based on the severity of the findings and the quality of reports. Participating as a freelance bug bounty hunter requires skills in security testing, knowledge of bug bounty platforms, and adherence to program rules.

Will Facebook pay $500 if you find a bug in their code?

As a freelance bug bounty hunter, you can earn rewards like $500 or more for discovering valid security vulnerabilities in Facebook's code through their bug bounty program. Payment amounts vary depending on the severity and impact of the bug, and participating requires following the program's rules and submitting detailed reports. Successful hunters often use skills in security testing tools and adhere to responsible disclosure practices.

What are the key skills and qualifications needed to thrive as a Freelance Bug Bounty Hunter, and why are they important?

To thrive as a Freelance Bug Bounty Hunter, you need a solid understanding of web application security, programming/scripting languages, and vulnerability assessment methodologies—often demonstrated by hands-on experience or certifications like OSCP. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential for effective testing and reporting. Standout soft skills include analytical thinking, persistence, attention to detail, and clear written communication for submitting thorough vulnerability reports. These skills are crucial for identifying and responsibly disclosing security flaws, earning rewards, and building a strong reputation in the cybersecurity community.

What are some common challenges faced by freelancers participating in bug bounty programs, and how can they be overcome?

Freelancers in bug bounty programs often face challenges such as intense competition from other researchers, staying updated with the latest security vulnerabilities, and navigating varying program rules. To overcome these, it's important to continually hone your technical skills, engage with the security community for knowledge sharing, and thoroughly review each program's scope and guidelines before submitting reports. Building a reputation for high-quality, well-documented submissions can also help you stand out and secure more consistent rewards.

What is the difference between Freelance Bug Bounty Program vs Freelance Penetration Tester?

| Aspect | Freelance Bug Bounty Program | Freelance Penetration Tester |
| --- | --- | --- |
| Credentials | Knowledge of security testing, bug reporting | Certifications like OSCP, CEH, CISSP often preferred |
| Work Environment | Remote, project-based, online platforms | Remote or on-site, client-specific engagements |
| Industry Usage | Tech companies, cybersecurity platforms | Consulting firms, corporate security teams |
| Search & Comparison Intent | Focus on bug bounty programs, online testing | Focus on security assessments, penetration testing |

While both roles involve security testing, Freelance Bug Bounty Programs primarily focus on identifying vulnerabilities through online platforms and reporting bugs, often without formal certifications. Freelance Penetration Testers conduct comprehensive security assessments, often requiring certifications and on-site work. The choice depends on your skills, certifications, and preferred work environment.

How much do freelance bug bounty hunters make?

Freelance bug bounty hunters can earn from a few hundred to several thousand dollars per bug, with top earners making over $100,000 annually by identifying critical vulnerabilities. Earnings depend on the severity of the bugs found, the scope of the program, and the hunter's skills and experience.

How much does Amazon pay for bug bounty?

Amazon's bug bounty program, through its AWS and other platforms, offers rewards that can range from a few hundred to tens of thousands of dollars for critical vulnerabilities. The payout depends on the severity and impact of the security issue, with high-severity bugs typically earning higher rewards. Bug bounty hunters often use skills in security testing, reverse engineering, and vulnerability research to participate effectively.

Infographic showing various Freelance Bug Bounty Program job openings in the United States as of June 2026, with employment types broken down into 81% Full Time and 19% Part Time. It highlights a job distribution of 77% Physical, 2% Hybrid, and 21% Remote, with an average salary of $47,772 per year, or $23 per hour.

Staff Product Security Engineer

Rippling

Seattle, WA • On-site

Full-time

Posted 8 days ago


Rippling rating

Company rating: 8.7 out of 10

Based on 13 frontline employees who took The Breakroom Quiz

43rd of 202 rated software companies


Job description

Job Summary:
Rippling is a company that provides a unified platform for HR, IT, and Finance. They are seeking a Staff Product Security Engineer to build and enhance their Product Security program, focusing on eliminating vulnerabilities and integrating security into their development lifecycle.
Responsibilities:
• Build guardrails and controls to eliminate full classes of vulnerabilities within the Rippling application
• Build security tooling and automations to help scale the Product Security team’s practices
• Threat-model application designs and solutions and provide security assessments.
• Audit source code and perform code review for critical application changes
• Mentor software engineering teams in security best practices
• Provide hands-on remediation guidance to development teams
• Review & establish software development practices that make security an essential part of the development process
• Develop / Integrate security into the Software Development Life Cycle
Qualifications:
Required:
• 10+ years of experience in a product security role
• Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities
• Deep understanding of securing web applications
• Fluency in Python, React, and Django Rest Framework
• Experience with manual source code review, and embedding security to code in production environments.
• Experience with deploying application security tools in the CI/CD pipeline
• Experience with securing software development lifecycle including building programs that eliminate full classes of vulnerabilities
Preferred:
• Good understanding of SSO, including OAuth and SAML
• Experience with speaking at meetups or conferences
• Experience running a bug bounty program
Company:
Rippling is a workforce management platform that unifies HR, IT, and finance operations into a single system. Founded in 2016, the company is headquartered in San Francisco, USA, with a team of 1001-5000 employees. The company is currently Late Stage.
