
Full Time Bug Bounty Jobs (NOW HIRING)

SOC Engineer

Foster City, CA · On-site

$180K - $250K/yr

Experience working with bug bounty programs or coordinated vulnerability disclosure workflows ... This is a full-time role that can be held from our Foster City, CA office. The role has an in ...

Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands ... Qualifications: * 2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec ...

The Role We are building a full-time internal Red Team to continuously stress-test our own ... severity bug bounty submissions, or published research. * Experience building custom security ...

Role Description Penetration Tester (Mid-Senior) Full-Time Remote (US) As a penetration tester on ... Active involvement in cybersecurity communities, research, or bug bounty programs * Certifications ...

Sr/Staff Security Engineer

$117K - $160K/yr

Sr/Staff Security Engineer Remote • Full-Time • Engineering About Cherry Founded in 2019 ... Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive ...

... Bug Bounty (HackerOne) program. Required Skills & Experience * Experience: 7+ years of hands-on ... This is a full-time role that can be held from our Foster City, CA office. The role has an in ...

Lead vulnerability management, coordinate bug bounty responses, and drive remediation priorities ... The base salary for this full-time position, which spans multiple internal levels depending on ...

You want to focus on vulnerability management, pentesting, or bug bounty triage (that's our ... Full-Time Employee Benefits Include: Competitive Salary & Equity 401(k) Program with a 4% match (US ...


Participated in bug bounty programs and audit contests * Published security-related blog posts and ... all full-time employees, along with flexible paid time off and holidays. CertiK also offers a ...


Full Time Bug Bounty information

What is the difference between Full Time Bug Bounty vs Full Time Penetration Tester?

| Aspect | Full Time Bug Bounty | Full Time Penetration Tester |
|---|---|---|
| Credentials | Security certifications (e.g., OSCP, CEH) | Security certifications (e.g., OSCP, CEH) |
| Work Environment | Remote, project-based, freelance | Full-time, in-house or consulting |
| Industry Usage | Tech companies, startups, freelance platforms | Security firms, corporate IT teams |
| Search/Comparison Intent | Flexible, freelance, bug bounty programs | Structured, ongoing security assessments |

Full Time Bug Bounty roles typically involve participating in bug bounty programs on a freelance or remote basis, focusing on finding vulnerabilities for various companies. In contrast, Full Time Penetration Testers work as full-time employees conducting comprehensive security assessments within organizations. Both roles require similar certifications but differ in work environment and job structure.

What is the synonym for full?

In the context of a full-time bug bounty role, the synonym for full is often 'complete' or 'entire,' indicating a position that requires a comprehensive commitment of working hours. Such roles typically involve ongoing engagement, skill in vulnerability assessment, and adherence to a set schedule, usually around 40 hours per week.

Is it full or ful?

The term 'Full Time Bug Bounty' refers to a job position that requires working full-time hours, typically around 40 hours per week. It involves continuous engagement in security testing and vulnerability hunting, often requiring skills in cybersecurity tools and possibly certifications like OSCP or CEH.
Infographic showing various Full Time Bug Bounty job openings in the United States as of June 2026, with employment types broken down into 1% As Needed, 82% Full Time, 15% Part Time, and 2% Contract. Highlights a 95% Physical, 1% Hybrid, and 4% Remote job distribution.

Product Security Engineer (PSIRT - Product Security Incident Response Team)

Replit

Foster City, CA • On-site

$180K - $325K/yr

Full-time

Medical, Dental, Vision, Life, Retirement

Posted 24 days ago


Job description

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
About the Role
We are looking for a highly skilled PSIRT Engineer to lead the vulnerability response program for Replit's cloud-native AI platform. You will own the lifecycle of security vulnerabilities affecting our products and services, from intake to validation, remediation coordination, and public disclosure.
This role requires strong technical ability to reproduce vulnerabilities, deep understanding of web/app/cloud exploit classes, and experience operating bug bounty and coordinated disclosure programs. You will work closely with Engineering, Cloud Security, SecOps, SRE, and IT teams to ensure vulnerabilities are fixed quickly and communicated responsibly.
What You'll Do
Vulnerability Intake, Triage & Validation
  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
  • Independently validate, reproduce, severity-score, and document findings.
  • Identify duplicates and maintain a clean vulnerability records pipeline.
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (OAuth, OIDC).
Remediation Coordination & SLA Management
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
  • Track SLAs, remediation progress, regression testing, and systemic improvements.
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.
Bug Bounty & Vulnerability Disclosure Program Management
  • Design and evolve the bug bounty program, including scope, rules, and reward structures.
  • Manage platform selection, private vs. public launches, and community engagement.
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
  • Determine reward payouts, bonus decisions, and recognition for top contributors.
Coordinated Disclosure & CVE Management
  • Lead the coordinated vulnerability disclosure process for internal and external findings.
  • Negotiate disclosure timelines with researchers and partners.
  • Coordinate CVE assignments and publications, and prepare customer/public advisories.

Required Skills
  • Experience running or triaging for bug bounty programs (HackerOne ideally).
  • Strong ability to triage, validate, and reproduce vulnerabilities independently.
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.

Nice to Have
  • Scripting or automation experience (Python, Go, Bash).
  • Pentesting background or exposure to offensive security work.
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
  • Experience authoring public advisories or CVE writeups.
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
401(k) Program with a 4% match (US Only)
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Flexible Time Off (FTO) + Holidays
Commuter Benefits (In-Office Only)
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement (In-Office Only)
Quarterly Team Gatherings
In Office Amenities (In-Office Only)
Want to learn more about what we are up to?
  • Meet the Replit Agent
  • Replit: Make an app for that
  • Replit Blog
  • Amjad TED Talk

Interviewing + Culture at Replit
  • Operating Principles
  • Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.