ZipRecruiter

Log In

2

Full Time Bug Bounty Jobs (NOW HIRING)

CertiK

Sr. Security Engineer (Penetration Testing)

$100K - $180K/yr

Participated in bug bounty programs and audit contests * Published security-related blog posts and ... all full-time employees, along with flexible paid time off and holidays. CertiK also offers a ...

Outreach

Technical Program Manager - Security

Seattle, WA · On-site +1

$130K - $170K/yr

... Program, and Bug Bounty Program * Familiar with security tooling and system integrations ... full-time employees and their dependents • A parental leave program that includes options for a ...

Outreach

Technical Program Manager - Security

Seattle, WA · Remote

$130K - $170K/yr

... Program, and Bug Bounty Program * Familiar with security tooling and system integrations ... full-time employees and their dependents • A parental leave program that includes options for a ...

Ibotta

Security Engineer

Denver, CO

$115K - $130K/yr

Mature Ibotta's bug bounty program to scale with AI generated submissions and attack surface ... Applicants must be currently authorized to work in the United States on a full-time basis.

Ramp

Security Engineer, Product

New York, NY · On-site

$257K - $354K/yr

... bug bounty program * Partner with engineering teams to design and deploy solutions which are ... to all full-time Ramp employees (Global) • Flexible PTO • Unlimited AI token usage • ...

Phia LLC

Lead Application Security Engineer

Fairfax, VA · On-site

$60.25 - $80.25/hr

... bug bounty validation experience (HackerOne or similar) * Prior federal or regulated-environment AppSec work (NIST 800-53 / FISMA familiarity) Logistics * Fully remote, full-time, supporting a ...

New

Ibotta

Security Engineer

Denver, CO · On-site

$115K - $130K/yr

Mature Ibotta's bug bounty program to scale with AI generated submissions and attack surface ... Applicants must be currently authorized to work in the United States on a full-time basis.

BitGo

Security Application Engineer

San Francisco, CA · On-site

$190K - $235K/yr

This role will require being full-time onsite at our San Francisco office to support collaborative ... Oversee operational security initiatives including corporate bug bounty programs, incident response ...

next page

Showing results 1-20

All JobsFull Time Bug Bounty Jobs

Full Time Bug Bounty information

What is the difference between Full Time Bug Bounty vs Full Time Penetration Tester?

AspectFull Time Bug BountyFull Time Penetration Tester
CredentialsSecurity certifications (e.g., OSCP, CEH)Security certifications (e.g., OSCP, CEH)
Work EnvironmentRemote, project-based, freelanceFull-time, in-house or consulting
Industry UsageTech companies, startups, freelance platformsSecurity firms, corporate IT teams
Search/Comparison IntentFlexible, freelance, bug bounty programsStructured, ongoing security assessments

Full Time Bug Bounty roles typically involve participating in bug bounty programs on a freelance or remote basis, focusing on finding vulnerabilities for various companies. In contrast, Full Time Penetration Testers work as full-time employees conducting comprehensive security assessments within organizations. Both roles require similar certifications but differ in work environment and job structure.

What is the synonym for full?

In the context of a full-time bug bounty role, the synonym for full is often 'complete' or 'entire,' indicating a position that requires a comprehensive commitment of working hours. Such roles typically involve ongoing engagement, skill in vulnerability assessment, and adherence to a set schedule, usually around 40 hours per week.

Is it full or ful?

The term 'Full Time Bug Bounty' refers to a job position that requires working full-time hours, typically around 40 hours per week. It involves continuous engagement in security testing and vulnerability hunting, often requiring skills in cybersecurity tools and possibly certifications like OSCP or CEH.
More about Full Time Bug Bounty jobs
What cities are hiring for Full Time Bug Bounty jobs? Cities with the most Full Time Bug Bounty job openings:
What are the most commonly searched types of Bug Bounty jobs? The most popular types of Bug Bounty jobs are:
What states have the most Full Time Bug Bounty jobs? States with the most job openings for Full Time Bug Bounty jobs include:
What job categories do people searching Full Time Bug Bounty jobs look for? The top searched job categories for Full Time Bug Bounty jobs are:
Full Time Bug Bounty jobs near you
Infographic showing various Full Time Bug Bounty job openings in the United States as of June 2026, with employment types broken down into 1% As Needed, 82% Full Time, 15% Part Time, and 2% Contract. Highlights an 95% Physical, 1% Hybrid, and 4% Remote job distribution.
Senior Software Engineer, Anti-Abuse & Security

Senior Software Engineer, Anti-Abuse & Security

Replit

Foster City, CA • On-site

$210K - $265K/yr

Full-time

Medical, Dental, Vision, Life, Retirement

Posted 2 days ago

Job description

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
About the role
The Anti-Abuse team is the front line defending Replit's platform from exploitation. We detect and shut down phishing deployments, prevent cryptomining on free-tier infrastructure, stop LLM token farming, and keep bad actors from weaponizing the platform against our users. This is adversarial work: attackers adapt constantly, and we build the detection systems, heuristics, and automated responses that stay ahead of them.
What makes this role unique is the AI-native nature of Replit's platform. You'll work on problems that barely exist elsewhere: building guardrails for AI-generated code, detecting prompt injection attacks at scale, and using LLMs as a defensive tool against abuse. If you want hands-on experience applying AI to security problems, this is one of the few places you can do it in production with real attackers. You'll own problems end-to-end, from identifying emerging abuse patterns to shipping the systems that stop them at scale.
In this role you will...
  • Design and implement LLM guardrails that detect abuse scenarios in AI-generated code and agent interactions
  • Build AI-powered detection systems that use LLMs to identify malicious patterns, classify threats, and automate response decisions
  • Build and operate abuse detection systems that identify phishing, cryptomining, account takeover, and financial fraud across millions of daily user actions
  • Design automated response mechanisms that enforce platform policies without manual intervention
  • Own the full abuse response lifecycle: detection, investigation, enforcement, and handling appeals alongside Support and Legal
  • Analyze attack patterns using BigQuery and Hex, turning investigation findings into new detection rules
  • Maintain and extend internal detection tools (Slurper, Netwatch) that continuously monitor user activity
  • Integrate and tune security scanners (SAST, SCA) in CI pipelines with tight performance SLAs
  • Track abuse trends, measure detection effectiveness, and adapt defenses as attack patterns evolve

Required skills and experience:
  • 4+ years of experience in security engineering, anti-abuse, trust & safety, or fraud detection
  • Strong programming skills in Python and/or TypeScript for building detection systems and automation
  • Experience with SQL and data analysis at scale (BigQuery, Snowflake, or similar)
  • Experience building or fine-tuning ML/LLM-based classifiers for security or abuse detection
  • Familiarity with prompt injection, jailbreaking, and other LLM-specific attack vectors
  • Ability to investigate complex abuse patterns and translate findings into automated defenses
  • Familiarity with common attack patterns: phishing infrastructure, account takeover, credential stuffing, resource abuse
  • Clear communication skills for working across Security, Support, Legal, and Engineering teams.

Nice to have:
  • Experience at a platform company dealing with user-generated content or compute abuse (hosting providers, cloud platforms, developer tools)
  • Background in fraud detection, payment abuse, or financial crime
  • Familiarity with device fingerprinting, IP reputation, and email validation services
  • Experience with CI/CD security tooling (SAST, SCA, Dependabot, Snyk)
  • Knowledge of container security, Linux internals, or cloud infrastructure (GCP preferred)
  • Prior work with abuse reporting pipelines, trust & safety tooling, or content moderation systems

Tools + Tech Stack for this role
  • Languages: Python, TypeScript, Go, SQL
  • Data: BigQuery, Hex
  • Detection tools: Slurper, Netwatch, Stytch (device fingerprint); ClearOut (email reputation)
  • CI/CD Security: Dependabot, Snyk, SAST/SCA scanners
  • Infrastructure: GCP, Kubernetes
  • Collaboration: Linear, Slack, Zendesk (for abuse reports)

This role may not be a fit if
  • You prefer deep security research over building operational detection systems
  • You want to focus on vulnerability management, pentesting, or bug bounty triage (that's our Security team)
  • You're looking for a role with predictable, well-defined problems rather than constantly adapting to adversarial behavior
  • You prefer working in isolation rather than partnering closely with Support, Legal, and cross-functional teams
  • You're uncomfortable making enforcement decisions that affect real users

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
401(k) Program with a 4% match (US Only)
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Flexible Time Off (FTO) + Holidays
Commuter Benefits (In-Office Only)
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement (In-Office Only)
Quarterly Team Gatherings
In Office Amenities (In-Office Only)
Want to learn more about what we are up to?
  • Meet the Replit Agent
  • Replit: Make an app for that
  • Replit Blog
  • Amjad TED Talk

Interviewing + Culture at Replit
  • Operating Principles
  • Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

Apply