1

Hourly Bug Bounty Program Jobs (NOW HIRING)

The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...

The development of the AWS researcher community is paramount to ensuring the success of our program ... Bug Bounty Program into the best on planet Earth. Key job responsibilities - Researching ...

Technical Program Manager, Bug Bounty

Seattle, WA · On-site

$146K - $190K/yr

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

The development of the AWS researcher community is paramount to ensuring the success of our program ... Bug Bounty Program into the best on planet Earth. Key job responsibilities - Researching ...

Technical Program Manager, Bug Bounty

Seattle, WA · On-site

$146K - $190K/yr

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Product Security Engineer

Lehi, UT · On-site

$67.61 - $84.51/hr

You will work closely with internal engineering and security stakeholders to drive remediation and improve the bug bounty program's effectiveness. This is a contract engagement expected to backfill a ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...

next page

Showing results 1-20

Hourly Bug Bounty Program information

See salary details

$33.5K

$100.4K

$155.5K

How much do hourly bug bounty program jobs pay per year?

As of Jul 12, 2026, the average yearly pay for hourly bug bounty program in the United States is $100,365.00, according to ZipRecruiter salary data. Most workers in this role earn between $71,500.00 and $132,000.00 per year, depending on experience, location, and employer.

Which bug bounty pays the most?

In bug bounty programs, payouts vary widely depending on the severity and impact of the vulnerability, with some programs offering rewards of hundreds of thousands of dollars for critical findings. Platforms like HackerOne and Bugcrowd host high-paying programs, especially for critical security flaws in major companies. Successful bug bounty hunters often have strong technical skills, knowledge of web security, and experience with bug tracking tools.

What are some common challenges faced by participants in an hourly bug bounty program, and how can they overcome them?

Participants in an hourly bug bounty program often face challenges such as quickly identifying valid vulnerabilities, managing time efficiently, and competing with other security researchers for rewards. Staying organized and maintaining up-to-date knowledge of common vulnerabilities and testing techniques are essential. Collaborating with the program's security team for clarification and feedback can also help improve your effectiveness and increase your chances of success.

How much money can you make doing bug bounties?

The earnings from bug bounty programs vary widely; top security researchers can make thousands to hundreds of thousands of dollars annually by finding critical vulnerabilities. Income depends on the scope of programs, the severity of bugs found, and the researcher’s skills and experience. Consistent success often requires knowledge of security testing tools and programming languages.

What is an Hourly Bug Bounty Program?

An Hourly Bug Bounty Program is a cybersecurity initiative where organizations pay security researchers or ethical hackers by the hour to identify and report vulnerabilities in their systems. Unlike traditional bug bounty programs that reward based on the severity of discovered bugs, this model compensates participants for their time and effort, even if they do not find any vulnerabilities. This structure can attract a broader range of skilled testers and provide continuous security assessment. It also allows organizations to receive more comprehensive feedback on their security posture.

What companies pay bug bounties?

Many technology companies, including Google, Microsoft, Facebook, Apple, and Uber, run bug bounty programs that pay security researchers for discovering and responsibly reporting vulnerabilities. These programs are often hosted on platforms like HackerOne and Bugcrown, and they typically offer rewards based on the severity of the findings and the quality of reports.

How much does Amazon pay for bug bounty?

Amazon's bug bounty program offers rewards that can range from a few hundred to over $100,000 depending on the severity and impact of the vulnerability. Bug bounty hunters typically need skills in security testing, and payouts are based on the quality and significance of the reported issues.

What are the key skills and qualifications needed to thrive as an Hourly Bug Bounty Program participant, and why are they important?

To excel in an Hourly Bug Bounty Program, you need deep knowledge of cybersecurity principles, vulnerability assessment, and web application security, often demonstrated by experience or certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Metasploit, and various bug tracking or reporting platforms is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify, document, and report vulnerabilities clearly. These competencies are crucial for protecting client systems, ensuring precise reporting, and maximizing your success and reputation within the bug bounty community.
More about Hourly Bug Bounty Program jobs
What cities are hiring for Hourly Bug Bounty Program jobs? Cities with the most Hourly Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Hourly Bug Bounty Program jobs? States with the most job openings for Hourly Bug Bounty Program jobs include:
What job categories do people searching Hourly Bug Bounty Program jobs look for? The top searched job categories for Hourly Bug Bounty Program jobs are:
Infographic showing various Hourly Bug Bounty Program job openings in the United States as of July 2026, with employment types broken down into 72% Locum Tenens, 20% Full Time, 2% Part Time, and 6% Summer. Highlights an 87% Physical, 1% Hybrid, and 12% Remote job distribution, with an average salary of $100,365 per year, or $48.3 per hour.
Security Analyst, Bug Bounty

Security Analyst, Bug Bounty

Stripe

Remote

Full-time

Re-posted 5 days ago


Job description

Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
  • Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
  • Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
  • Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
  • Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
  • Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
  • Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
  • Provide tactical support for vulnerability management triage processes to augment the team as needed
  • Prepare and implement improvements to the overall bug bounty program
  • Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
Who you are
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
  • Proven ability to follow bug reports and accurately triage security vulnerabilities
  • Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
  • Competent in offensive security tools (e.g., Burp Suite, custom scripting)
  • Ability to think like an attacker to understand the impact of vulnerabilities
  • Proficient in clear communication, conveying technical concepts to various stakeholders
  • Experience in one of the following areas
    • Bug bounty program or triaging security vulnerability reports
    • Knowledge of Stripe products and general security expertise
Preferred qualifications
  • Experience in technical support, operations, or similar roles with technical systems exposure
  • Prior participation in or experience with bug bounty programs
  • Experience analyzing source code for security vulnerabilities
  • Proficiency in scripting languages (e.g., Python, Ruby) for automation
  • Familiarity with cloud-based services (e.g., AWS, GCP)
  • Certifications such as OSWA or BSCP