Freelance Bug Bounty Program Jobs (NOW HIRING)

Head of Security

San Francisco, CA · Remote

$240K - $280K/yr

Manage our Bug Bounty Program * Implement security controls across Merge, from infrastructure to CI * Implement and run manual and automated security practices to mitigate vulnerabilities * Assist ...

... Bug Bounty & Vulnerability Management Be the primary owner of our ImmuneFi program - triaging, reproducing, and responding to incoming submissions daily Prioritize and track vulnerabilities through ...

Head of Security

Manhattan, NY · Remote

$240K - $280K/yr

Manage our Bug Bounty Program * Implement security controls across Merge, from infrastructure to CI * Implement and run manual and automated security practices to mitigate vulnerabilities * Assist ...

Help run penetration testing, offensive security exercises, and support our bug bounty program. * Help respond to product security incidents. Anti-Abuse * Design and build technical systems to ...

SOC 2, ISO 27001, HIPAA, bug bounty programs * Jump into pre- and post-sales conversations as the security stakeholder * Help us move fast while keeping the right guardrails in place * Take projects ...

Senior Product Security Engineer

New York, NY · Hybrid

$125K - $171K/yr

Triage and respond to findings from StubHub's enterprise Bug Bounty program. What You've Done: * Demonstrated expert-level understanding of offensive web application security testing and defense-in ...

Senior Product Security Engineer

Los Angeles, CA · Hybrid

$123K - $169K/yr

Triage and respond to findings from StubHub's enterprise Bug Bounty program. What You've Done: * Demonstrated expert-level understanding of offensive web application security testing and defense-in ...

Freelance Bug Bounty Program information

How much do freelance bug bounty program jobs pay per hour?

As of Jun 15, 2026, the average hourly pay for freelance bug bounty program jobs in the United States is $22.97, according to ZipRecruiter salary data. Most workers in this role earn between $18.75 and $18.75 per hour, depending on experience, location, and employer.

How much will Apple pay you if you find a bug?

As a bug bounty hunter participating in Apple's bug bounty program, rewards can range from a few thousand dollars to over $100,000 for critical vulnerabilities. The payout depends on the severity and impact of the bug, with Apple offering higher rewards for more significant security flaws. Participants typically need technical skills, knowledge of security testing, and adherence to program rules to qualify for payments.

What are freelance bug bounty programs?

Freelance bug bounty programs are initiatives run by companies or platforms that invite independent security researchers—often called ethical hackers—to identify and report vulnerabilities in their software or systems. Participants work on a freelance basis, choosing which programs to join and which vulnerabilities to hunt for, and are typically rewarded with monetary payouts or recognition for valid findings. This model helps organizations discover and fix security issues before they can be exploited maliciously, while providing freelancers with income and experience in cybersecurity. Anyone with the necessary skills can participate, making it a flexible career or side job for security enthusiasts.

Will Facebook pay $500 if you find a bug in their code?

As a freelance bug bounty hunter, you can earn rewards like $500 or more for discovering valid security vulnerabilities in Facebook's code through their bug bounty program. Payment amounts vary depending on the severity and impact of the bug, and participating requires following specific submission guidelines and having technical skills in security testing. Not all bugs qualify for rewards, and programs often have minimum payout thresholds.

What are the key skills and qualifications needed to thrive as a Freelance Bug Bounty Hunter, and why are they important?

To thrive as a Freelance Bug Bounty Hunter, you need a solid understanding of web application security, programming/scripting languages, and vulnerability assessment methodologies—often demonstrated by hands-on experience or certifications like OSCP. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential for effective testing and reporting. Standout soft skills include analytical thinking, persistence, attention to detail, and clear written communication for submitting thorough vulnerability reports. These skills are crucial for identifying and responsibly disclosing security flaws, earning rewards, and building a strong reputation in the cybersecurity community.

What are some common challenges faced by freelancers participating in bug bounty programs, and how can they be overcome?

Freelancers in bug bounty programs often face challenges such as intense competition from other researchers, staying updated with the latest security vulnerabilities, and navigating varying program rules. To overcome these, it's important to continually hone your technical skills, engage with the security community for knowledge sharing, and thoroughly review each program's scope and guidelines before submitting reports. Building a reputation for high-quality, well-documented submissions can also help you stand out and secure more consistent rewards.

What is the difference between Freelance Bug Bounty Program vs Freelance Penetration Tester?

| Aspect | Freelance Bug Bounty Program | Freelance Penetration Tester |
| --- | --- | --- |
| Credentials | Knowledge of security testing, bug reporting | Certifications like OSCP, CEH, CISSP often preferred |
| Work Environment | Remote, project-based, online platforms | Remote or on-site, client-specific engagements |
| Industry Usage | Tech companies, cybersecurity platforms | Consulting firms, corporate security teams |
| Search & Comparison Intent | Focus on bug bounty programs, online testing | Focus on security assessments, penetration testing |

While both roles involve security testing, Freelance Bug Bounty Programs primarily focus on identifying vulnerabilities through online platforms and reporting bugs, often without formal certifications. Freelance Penetration Testers conduct comprehensive security assessments, often requiring certifications and on-site work. The choice depends on your skills, certifications, and preferred work environment.

In what states is it illegal to bounty hunt?

The legality of bounty hunting varies by state, and some states have restrictions or require licensing for activities related to bounty hunting or similar security roles. Freelance bug bounty programs generally operate online and are not restricted by state laws, but participants should ensure they comply with local regulations regarding cybersecurity and ethical hacking. It is advisable to review specific state laws and obtain any necessary permissions before engaging in such activities.

Will AI replace bug bounty?

The role of a bug bounty hunter involves identifying security vulnerabilities in software, which requires human expertise, creativity, and understanding of complex systems. While AI tools can assist in automating certain testing processes, they are unlikely to fully replace the critical thinking and nuanced analysis performed by skilled bug bounty hunters. Instead, AI is expected to serve as a complementary tool to enhance efficiency and coverage in security assessments.

Head of Security

Merge API

San Francisco, CA • Remote

$240K - $280K/yr

Other

Medical, Dental, Vision, Retirement, PTO

Posted 10 days ago


Job description

Merge is the leading provider of agentic tools and customer-facing integrations for frontier LLMs, Fortune 500 organizations, and B2B SaaS companies. Our platform offers two core products: Merge Unified, which enables businesses to add hundreds of integrations to their products with a single API, and Merge Agent Handler, which empowers AI agents with secure access to thousands of third-party tools. Merge's enterprise-grade platform handles the entire integration lifecycle, from authentication and security to monitoring and maintenance. Thousands of companies trust Merge to accelerate product development, unblock sales, reduce customer churn, and save engineering resources, allowing them to focus on their core product.
Merge is poised to power all B2B integrations, and in doing so is powering data movement for some of the most secure companies in the world. Working with these powerhouses requires us to follow industry-leading security practices and constantly protect ourselves.
As the Director of Security at Merge, you will manage our security programs, including infrastructure, compliance, and security automation. While you don't need specific experience with all of the above, we'd expect you to be excited to learn and grow, and tackle any challenges that may come your way.
What you will do:

  • Create and drive the security roadmap
  • Manage our compliance automation programs (SOC 2, ISO 27001, HIPAA, etc.). We've already achieved these using Drata, and while you have a team to support you, you will take the lead.
  • Ensure all engineers and employees of Merge treat security as a core part of our practices
  • Manage our Bug Bounty Program
  • Implement security controls across Merge, from infrastructure to CI
  • Implement and run manual and automated security practices to mitigate vulnerabilities
  • Assist with security reviews, threat modeling, disaster recovery practice, and code reviews
The ideal candidate will have:
  • 7+ years of security engineering experience
  • Ownership or leadership within areas of security at previous organizations, infosec being a plus
  • An overall excitement around building a more secure engineering function and organization
  • Ability to manage security programs
  • Experience with and a desire to code in at least one major programming language
  • A thorough understanding of networking and infrastructure, including load balancing, VPNs, Zero Trust, HTTPS, DNS, etc.
  • Experience with multi-tenant cloud environments
Compensation:
  • The cash compensation range for this role is $240,000 - $280,000
  • Actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, and certifications. In addition to cash compensation, all full-time employees receive an equity compensation package.
Benefits:
  • Unlimited PTO + 10 company holidays
  • Pre-Tax commuter benefits
  • 100% covered health, vision, and dental insurance
  • 401K Plan
  • $200 one-time home office stipend
  • In-office snacks and free dinner when working past 7pm

Merge is an equal opportunity employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other protected class.