The bug bounty program is an important pillar of this mission, acting as a critical line of defense ... Familiarity with cloud-based services (e.g., AWS, GCP) * Certifications such as OSWA or BSCP
The bug bounty program is an important pillar of this mission, acting as a critical line of defense ... Familiarity with cloud-based services (e.g., AWS, GCP) * Certifications such as OSWA or BSCP
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of ... We do not discriminate based on gender, race or color, ethnicity or national origin, age ...
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of ... We do not discriminate based on gender, race or color, ethnicity or national origin, age ...
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of ... We do not discriminate based on gender, race or color, ethnicity or national origin, age ...
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of ... We do not discriminate based on gender, race or color, ethnicity or national origin, age ...
Senior Vulnerability Engineer
$117K - $160K/yr
Develop risk-based prioritization models by correlating vulnerability data with threat intelligence ... Correlate red team, penetration testing, and bug bounty findings with vulnerability data to ...
Senior Vulnerability Engineer
$117K - $160K/yr
Develop risk-based prioritization models by correlating vulnerability data with threat intelligence ... Correlate red team, penetration testing, and bug bounty findings with vulnerability data to ...
Senior Product Security Engineer
OR · On-site +1
This position can be based remotely in the United States. Key Responsibilities * Product Security ... Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ...
Senior Product Security Engineer
OR · On-site +1
This position can be based remotely in the United States. Key Responsibilities * Product Security ... Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ...
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
Hands-on experience with SIEM , Cloud Logging , and log-based investigation workflows. * Ability to ... Experience working with bug bounty programs or coordinated vulnerability disclosure workflows.
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
Hands-on experience with SIEM , Cloud Logging , and log-based investigation workflows. * Ability to ... Experience working with bug bounty programs or coordinated vulnerability disclosure workflows.
Security Engineer
New York, NY · On-site
About the Role: We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty ...
Security Engineer
New York, NY · On-site
About the Role: We're looking for a Security Engineer who is equally at home hardening a CI/CD pipeline, reviewing a change to the authentication system on the backend, and triaging a bug bounty ...
Senior Product Security Engineer
$117K - $160K/yr
This position can be based remotely in the United States. Key Responsibilities * Product Security ... Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ...
Senior Product Security Engineer
$117K - $160K/yr
This position can be based remotely in the United States. Key Responsibilities * Product Security ... Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ...
Lead the overall Security Product Engineering, Bug Bounty and Mythos era Vulnerability Management ... Above and beyond discrimination and harassment based on "protected categories," we also strive to ...
Lead the overall Security Product Engineering, Bug Bounty and Mythos era Vulnerability Management ... Above and beyond discrimination and harassment based on "protected categories," we also strive to ...
You will report to the Manager, Application Security , based in our Bellevue, WA office, or you may ... Run Bug Bounty Operations: Serve as the expert validation layer for Smartsheet's bug bounty program ...
You will report to the Manager, Application Security , based in our Bellevue, WA office, or you may ... Run Bug Bounty Operations: Serve as the expert validation layer for Smartsheet's bug bounty program ...
Senior Application Security Engineer
San Francisco, CA · On-site
$160K - $240K/yr
Validate, triage, and coordinate security findings from bug bounty and third party pentests ... The salary for this position is determined based on a variety of job-related factors that may ...
Senior Application Security Engineer
San Francisco, CA · On-site
$160K - $240K/yr
Validate, triage, and coordinate security findings from bug bounty and third party pentests ... The salary for this position is determined based on a variety of job-related factors that may ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$109K - $149K/yr
... bug bounty and responsible disclosure program, including vulnerability triage and researcher ... based remediation tracking. • Working knowledge of PCI DSS v4.0 requirements and AI adoption ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$109K - $149K/yr
... bug bounty and responsible disclosure program, including vulnerability triage and researcher ... based remediation tracking. • Working knowledge of PCI DSS v4.0 requirements and AI adoption ...
Enterprise Account Executive
Chicago, IL · On-site +1
Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures ... Prior experience selling crowdsourced security, Bug Bounty, or Attack Surface Management solutions.
Enterprise Account Executive
Chicago, IL · On-site +1
Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures ... Prior experience selling crowdsourced security, Bug Bounty, or Attack Surface Management solutions.
... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ... Support curriculum updates based on industry standards and government guidelines Qualifications ...
Quick apply
... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ... Support curriculum updates based on industry standards and government guidelines Qualifications ...
... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ... Support curriculum updates based on industry standards and government guidelines Qualifications ...
Quick apply
... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH ... Support curriculum updates based on industry standards and government guidelines Qualifications ...
Principal Product Security Engineer
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in ... The final salary offered will be determined based on relative experience, skills, internal equity ...
Principal Product Security Engineer
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in ... The final salary offered will be determined based on relative experience, skills, internal equity ...
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in ... The final salary offered will be determined based on relative experience, skills, internal equity ...
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in ... The final salary offered will be determined based on relative experience, skills, internal equity ...
Senior Security Engineer, AI Vulnerability Management
Menlo Park, CA · On-site
$134K - $185K/yr
This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days ... Bug Bounty & Exploit Proficiency: Active experience participating in or managing Bug Bounty ...
Senior Security Engineer, AI Vulnerability Management
Menlo Park, CA · On-site
$134K - $185K/yr
This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days ... Bug Bounty & Exploit Proficiency: Active experience participating in or managing Bug Bounty ...
Senior Cybersecurity Engineer
$109K - $149K/yr
Provide application security guidance and support the bug bounty and responsible disclosure program ... Familiarity with vulnerability management platforms, scan design, and SLA-based remediation ...
Senior Cybersecurity Engineer
$109K - $149K/yr
Provide application security guidance and support the bug bounty and responsible disclosure program ... Familiarity with vulnerability management platforms, scan design, and SLA-based remediation ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$105K - $145K/yr
Provide application security guidance and support the bug bounty and responsible disclosure program ... Familiarity with vulnerability management platforms, scan design, and SLA-based remediation ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$105K - $145K/yr
Provide application security guidance and support the bug bounty and responsible disclosure program ... Familiarity with vulnerability management platforms, scan design, and SLA-based remediation ...
Home Based Bug Bounty information
See salary details
$9.62 - $11.25
0% of jobs
$11.25 - $12.89
0% of jobs
$12.89 - $14.53
2% of jobs
$14.53 - $16.17
3% of jobs
$16.17 - $17.81
10% of jobs
$18.28 is the 25th percentile. Wages below this are outliers.
$17.81 - $19.45
34% of jobs
The median wage is $19.50 / hr.
$19.45 - $21.09
16% of jobs
$22.19 is the 75th percentile. Wages above this are outliers.
$21.09 - $22.73
14% of jobs
$22.73 - $24.37
10% of jobs
$24.37 - $26.01
8% of jobs
$26.01 - $27.64
3% of jobs
$9
$20
$27
How much do home based bug bounty jobs pay per hour?
As of Jun 12, 2026, the average hourly pay for home based bug bounty in the United States is $20.88, according to ZipRecruiter salary data. Most workers in this role earn between $18.27 and $22.60 per hour, depending on experience, location, and employer.
What are home based bug bounty jobs?
Home based bug bounty jobs involve working remotely to find and report security vulnerabilities in software, websites, or applications. These positions allow individuals to participate in bug bounty programs offered by companies, earning rewards or payments for successfully identifying and reporting bugs. Home based bug bounty hunters typically use their cybersecurity skills to test systems, submit detailed reports, and collaborate with organizations to improve their security. This flexible work arrangement is ideal for those interested in cybersecurity, ethical hacking, and remote work opportunities.
Will AI replace bug bounty?
Home Based Bug Bounty programs involve security researchers identifying vulnerabilities in software, often using manual testing and specialized tools. While AI can assist in automating certain detection tasks, it is unlikely to fully replace human bug bounty hunters due to the need for creative thinking, context understanding, and complex problem-solving skills. AI may serve as a complementary tool rather than a complete substitute in this field.
Will Facebook pay $500 if you find a bug in their code?
Home Based Bug Bounty programs, including those from companies like Facebook, often offer monetary rewards for valid security vulnerabilities, with payouts varying based on the severity and impact of the bug. Facebook's bug bounty program typically pays rewards that can range from a few hundred to thousands of dollars, with $500 being a common minimum for certain qualifying reports. Successful participation requires understanding security testing, responsible disclosure, and adherence to program rules.
What is the difference between Home Based Bug Bounty vs Remote Penetration Tester?
| Aspect | Home Based Bug Bounty | Remote Penetration Tester |
|---|---|---|
| Credentials | Knowledge of cybersecurity, bug bounty platforms | Certifications like OSCP, CEH often preferred |
| Work Environment | Self-directed, flexible, home-based | Remote or on-site, client-specific environments |
| Industry Usage | Freelance, independent security researchers | Consultants, security firms, corporate security teams |
| Search/Comparison Intent | Finding freelance bug bounty opportunities | Seeking professional penetration testing services |
Home Based Bug Bounty roles involve independent security researchers finding vulnerabilities via bug bounty platforms, often working from home with flexible hours. Remote Penetration Testers are professional security consultants hired by organizations to assess security remotely or on-site. While both require cybersecurity knowledge, bug bounty hunters focus on individual contributions, whereas penetration testers work within client projects with formal contracts.
Does Amazon have a bug bounty program?
Amazon does not have a public bug bounty program for its main retail platform, but its subsidiary, AWS, offers a bug bounty program through HackerOne for security researchers to report vulnerabilities. Home Based Bug Bounty roles may involve participating in such programs or similar initiatives to identify security issues in various platforms.
What are some common challenges faced by home-based bug bounty hunters, and how can they be addressed?
Home-based bug bounty hunters often face challenges such as staying updated with the latest security vulnerabilities, maintaining motivation without a traditional team environment, and managing time effectively across multiple programs. To address these, it's helpful to participate in online security communities, set regular work hours, and leverage collaboration tools for connecting with other researchers. Continuous learning and self-discipline are key to success, along with establishing a comfortable and distraction-free workspace.
What are the key skills and qualifications needed to thrive as a Home Based Bug Bounty Hunter, and why are they important?
To thrive as a Home Based Bug Bounty Hunter, you need strong knowledge of cybersecurity fundamentals, vulnerability assessment, ethical hacking, and often a background in computer science or related certifications like OSCP or CEH. Proficiency with tools such as Burp Suite, Metasploit, Nmap, and familiarity with bug bounty platforms like HackerOne or Bugcrowd is essential. Strong analytical thinking, problem-solving abilities, persistence, and effective written communication are valuable soft skills in this role. These skills and qualities are crucial for accurately identifying vulnerabilities, reporting them clearly, and maximizing success in competitive bug bounty programs.
How much do bug bounties get paid?
Bug bounty programs typically pay security researchers based on the severity and impact of the vulnerabilities they discover, with rewards ranging from a few hundred to hundreds of thousands of dollars for critical issues. Payments vary widely depending on the program, the company's budget, and the complexity of the bug found. Successful bug bounty hunters often use skills in web security, reverse engineering, and testing tools to maximize their earnings.
More about Home Based Bug Bounty jobs
What cities are hiring for Home Based Bug Bounty jobs? Cities with the most Home Based Bug Bounty job openings:
What are the most commonly searched types of Bug Bounty jobs? The most popular types of Bug Bounty jobs are:
What states have the most Home Based Bug Bounty jobs? States with the most job openings for Home Based Bug Bounty jobs include:
What job categories do people searching Home Based Bug Bounty jobs look for? The top searched job categories for Home Based Bug Bounty jobs are:
Job description
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
About Stripe
Sourced by ZipRecruiter
Industry
Software development
Company size
1,001 - 5,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2010