Hourly Bug Bounty Program Jobs (NOW HIRING)

Support Bug Bounty Programs : Participate in and enhance the bug bounty program by validating submissions, providing detailed analysis, and collaborating with researchers and internal stakeholders to ...

Senior Application Security Engineer II

$60.25 - $80.25/hr

Manage our bug bounty program including triage, assessing impact, risk scoring (CVSS), helping to locate the vulnerable code, providing mitigation guidance, performing thorough re-testing, and ...

... handle bug bounty reports, and collaborate with various teams to enhance Adobe's security initiatives. Responsibilities : • Support the security testing program's initiatives to ensure ...

Senior Vulnerability Engineer

$117.20K - $160.70K/yr

You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.

Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...

Senior Product Security Engineer

San Francisco, CA · On-site

$134.90K - $185K/yr

... bug bounty programs to keep pace with a rapidly growing engineering organization. Qualifications : Required : • 6+ years of hands-on experience in Product Security, Application Security, or Cloud ...

... bug bounty programs to keep pace with a rapidly growing engineering organization. Qualifications : Required : • 12+ years of hands-on experience in Product Security, Application Security, or Cloud ...

Manage the external penetration testing program and own the bug bounty program end-to-end: triage, severity calibration, researcher communication, and payout coordination * Track and drive ...

... our bug bounty program • Partner with engineering teams to design and deploy solutions which are inherently secure • Champion the use of tooling (linters, static analysis, posture assessment ...

... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...

Hourly Bug Bounty Program information

$33.5K

$100.4K

$155.5K

How much do hourly bug bounty program jobs pay per year?

As of May 31, 2026, the average yearly pay for hourly bug bounty program in the United States is $100,365.00, according to ZipRecruiter salary data. Most workers in this role earn between $71,500.00 and $132,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as an Hourly Bug Bounty Program participant, and why are they important?

To excel in an Hourly Bug Bounty Program, you need deep knowledge of cybersecurity principles, vulnerability assessment, and web application security, often demonstrated by experience or certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Metasploit, and various bug tracking or reporting platforms is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify, document, and report vulnerabilities clearly. These competencies are crucial for protecting client systems, ensuring precise reporting, and maximizing your success and reputation within the bug bounty community.

What are some common challenges faced by participants in an hourly bug bounty program, and how can they overcome them?

Participants in an hourly bug bounty program often face challenges such as quickly identifying valid vulnerabilities, managing time efficiently, and competing with other security researchers for rewards. Staying organized and maintaining up-to-date knowledge of common vulnerabilities and testing techniques are essential. Collaborating with the program's security team for clarification and feedback can also help improve your effectiveness and increase your chances of success.

What is an Hourly Bug Bounty Program?

An Hourly Bug Bounty Program is a cybersecurity initiative where organizations pay security researchers or ethical hackers by the hour to identify and report vulnerabilities in their systems. Unlike traditional bug bounty programs that reward based on the severity of discovered bugs, this model compensates participants for their time and effort, even if they do not find any vulnerabilities. This structure can attract a broader range of skilled testers and provide continuous security assessment. It also allows organizations to receive more comprehensive feedback on their security posture.
Product Security Engineer (PSIRT - Product Security Incident Response Team)

Replit

Foster City, CA • On-site

$180K - $325K/yr

Full-time

Medical, Dental, Vision, Life, Retirement

Posted 10 days ago


Job description

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
About the Role
We are looking for a highly skilled PSIRT Engineer to lead the vulnerability response program for Replit's cloud-native AI platform. You will own the lifecycle of security vulnerabilities affecting our products and services, from intake to validation, remediation coordination, and public disclosure.
This role requires strong technical ability to reproduce vulnerabilities, deep understanding of web/app/cloud exploit classes, and experience operating bug bounty and coordinated disclosure programs. You will work closely with Engineering, Cloud Security, SecOps, SRE, and IT teams to ensure vulnerabilities are fixed quickly and communicated responsibly.
What You'll Do
Vulnerability Intake, Triage & Validation
  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
  • Independently validate, reproduce, severity-score, and document findings.
  • Identify duplicates and maintain a clean vulnerability records pipeline.
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (OAuth, OIDC).
Remediation Coordination & SLA Management
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
  • Track SLAs, remediation progress, regression testing, and systemic improvements.
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.
Bug Bounty & Vulnerability Disclosure Program Management
  • Design and evolve the bug bounty program, including scope, rules, and reward structures.
  • Manage platform selection, private vs. public launches, and community engagement.
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
  • Determine reward payouts, bonus decisions, and recognition for top contributors.
Coordinated Disclosure & CVE Management
  • Lead the coordinated vulnerability disclosure process for internal and external findings.
  • Negotiate disclosure timelines with researchers and partners.
  • Coordinate CVE assignments and publications, and prepare customer/public advisories.

Required Skills
  • Experience running or triaging for bug bounty programs (HackerOne ideally).
  • Strong ability to triage, validate, and reproduce vulnerabilities independently.
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.

Nice to Have
  • Scripting or automation experience (Python, Go, Bash).
  • Pentesting background or exposure to offensive security work.
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
  • Experience authoring public advisories or CVE writeups.
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
401(k) Program with a 4% match (US Only)
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Flexible Time Off (FTO) + Holidays
Commuter Benefits (In-Office Only)
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement (In-Office Only)
Quarterly Team Gatherings
In Office Amenities (In-Office Only)

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.