1

Hourly Bug Bounty Program Jobs (NOW HIRING)

Senior Application Security Engineer

Meridian, ID · Remote

$111K - $152K/yr

Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. * Own and continuously improve application ...

... our bug bounty program end to end: triage, response, remediation, and researcher communication • Partner with Engineering to embed secure design patterns and security review into how we ship ...

Manage a vulnerability management program, vulnerability scanning tools and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs. * Help operate and improve ...

Manage a vulnerability management program, vulnerability scanning tools and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs. * Help operate and improve ...

CNO Developer

Chantilly, VA · On-site

$129K - $177K/yr

Desire to contribute to CTF events, bug bounty programs, and speaking at the security conferences * Rapid Prototype Software Development Security Clearance: * Active TS/SCI level clearance. Must be ...

Application Security Engineer

Pittsburgh, PA · On-site

$57 - $76.25/hr

... Bug Bounty program, tracking and prioritizing remediation against defined SLAs. • Help operate and improve Bot Management, WAF, secrets management, and API security controls across Wolfe ...

Create and operate a bug bounty program * Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties * Collaborate with the CISO and security team to grow ...

... bug bounty program. • Help respond to product security incidents. • Design and build technical systems to prevent spam, fraud, and abuse. • Partner closely with product teams to identify and ...

CNO Developer

Chantilly, VA · On-site

$130K - $178K/yr

... events, bug bounty programs, and speaking at the security conferences • Rapid Prototype Software Development Company : Accenture Federal Services is a leading US federal services company and ...

Experience managing cross-functional, large-scale technical security programs, including the Security Vulnerability Program, Security Exceptions Program, and Bug Bounty Program * Familiar with ...

... bug bounty program. • Help respond to product security incidents. • Design and build technical systems to prevent spam, fraud, and abuse. • Partner closely with product teams to identify and ...

... bug bounty program. • Help respond to product security incidents. • Design and build technical systems to prevent spam, fraud, and abuse. • Partner closely with product teams to identify and ...

AppSec SME

$60.25 - $80.25/hr

Monitor and track the Bug bounty vulnerabilities and remediation closure * Track the coverage of ... Manage the program and communicate with client team * Identify, manage risks and provide risks ...

Hands-on experience in offensive security (eg, through bug bounty programs or CTFs) The salary range for this role is $160,000 - $240,000. The salary for this position is determined based on a ...

next page

Showing results 1-20

Hourly Bug Bounty Program information

See salary details

$33.5K

$100.4K

$155.5K

How much do hourly bug bounty program jobs pay per year?

As of Jul 12, 2026, the average yearly pay for hourly bug bounty program in the United States is $100,365.00, according to ZipRecruiter salary data. Most workers in this role earn between $71,500.00 and $132,000.00 per year, depending on experience, location, and employer.

Which bug bounty pays the most?

In bug bounty programs, payouts vary widely depending on the severity and impact of the vulnerability, with some programs offering rewards of hundreds of thousands of dollars for critical findings. Platforms like HackerOne and Bugcrowd host high-paying programs, especially for critical security flaws in major companies. Successful bug bounty hunters often have strong technical skills, knowledge of web security, and experience with bug tracking tools.

What are some common challenges faced by participants in an hourly bug bounty program, and how can they overcome them?

Participants in an hourly bug bounty program often face challenges such as quickly identifying valid vulnerabilities, managing time efficiently, and competing with other security researchers for rewards. Staying organized and maintaining up-to-date knowledge of common vulnerabilities and testing techniques are essential. Collaborating with the program's security team for clarification and feedback can also help improve your effectiveness and increase your chances of success.

How much money can you make doing bug bounties?

The earnings from bug bounty programs vary widely; top security researchers can make thousands to hundreds of thousands of dollars annually by finding critical vulnerabilities. Income depends on the scope of programs, the severity of bugs found, and the researcher’s skills and experience. Consistent success often requires knowledge of security testing tools and programming languages.

What is an Hourly Bug Bounty Program?

An Hourly Bug Bounty Program is a cybersecurity initiative where organizations pay security researchers or ethical hackers by the hour to identify and report vulnerabilities in their systems. Unlike traditional bug bounty programs that reward based on the severity of discovered bugs, this model compensates participants for their time and effort, even if they do not find any vulnerabilities. This structure can attract a broader range of skilled testers and provide continuous security assessment. It also allows organizations to receive more comprehensive feedback on their security posture.

What companies pay bug bounties?

Many technology companies, including Google, Microsoft, Facebook, Apple, and Uber, run bug bounty programs that pay security researchers for discovering and responsibly reporting vulnerabilities. These programs are often hosted on platforms like HackerOne and Bugcrown, and they typically offer rewards based on the severity of the findings and the quality of reports.

How much does Amazon pay for bug bounty?

Amazon's bug bounty program offers rewards that can range from a few hundred to over $100,000 depending on the severity and impact of the vulnerability. Bug bounty hunters typically need skills in security testing, and payouts are based on the quality and significance of the reported issues.

What are the key skills and qualifications needed to thrive as an Hourly Bug Bounty Program participant, and why are they important?

To excel in an Hourly Bug Bounty Program, you need deep knowledge of cybersecurity principles, vulnerability assessment, and web application security, often demonstrated by experience or certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Metasploit, and various bug tracking or reporting platforms is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify, document, and report vulnerabilities clearly. These competencies are crucial for protecting client systems, ensuring precise reporting, and maximizing your success and reputation within the bug bounty community.
More about Hourly Bug Bounty Program jobs
What cities are hiring for Hourly Bug Bounty Program jobs? Cities with the most Hourly Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Hourly Bug Bounty Program jobs? States with the most job openings for Hourly Bug Bounty Program jobs include:
What job categories do people searching Hourly Bug Bounty Program jobs look for? The top searched job categories for Hourly Bug Bounty Program jobs are:
Infographic showing various Hourly Bug Bounty Program job openings in the United States as of July 2026, with employment types broken down into 72% Locum Tenens, 20% Full Time, 2% Part Time, and 6% Summer. Highlights an 87% Physical, 1% Hybrid, and 12% Remote job distribution, with an average salary of $100,365 per year, or $48.3 per hour.
Senior Application Security Engineer

Senior Application Security Engineer

MoonPay

Meridian, ID • Remote

$111K - $152K/yr

Full-time

Posted 27 days ago


Job description

About MoonPay


Hi, we’re MoonPay. We’re here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet.


Why?


Because crypto, stablecoins and blockchain aren’t just technologies. They’re tools for global financial empowerment. They give people and businesses more control over their money, their digital assets, and their future, opening access to legacy financial systems that have been out of reach for many.


What we do

MoonPay is a unified payments platform for digital currency. We make it easy for anyone, anywhere, to buy, sell, swap and pay in digital currencies as easy as sending an email. That simplicity is intentional, our focus is reducing complexity so people can participate confidently, without needing to be crypto experts. We power the entire flow between fiat and crypto end to end, with compliance, identity checks, fraud prevention, and settlement all built in. This end-to-end approach reflects how we work internally: with accountability, rigor, and trust built into everything we ship.


Proven at scale


Trusted by over 30 million customers and over 500 ecosystem partners, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. Behind those numbers are millions of real people and organizations relying on MoonPay every day.


We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. This is an opportunity to help shape systems, not just scale them. And we’re committed to doing it right. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, because trust and compliance are non-negotiable.


But we’re just getting started. We’ve launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it’s growing fast. We’re iterating every day to make it the best it can be.


If you believe financial freedom should be for everyone. If you believe in building a fairer, more open financial system - we want you with us. To build systems that benefit all, we need contributions from all, regardless of background.


Come build the future of payments and the decentralized economy with MoonPay. Let’s make financial freedom and autonomy the new normal.


Locations Supported
  • US

  • Canada (Toronto)

  • Mexico

Relocation available:No

Work pattern:

  • This role will be remote.

About the Opportunity

Write a clear, high-level overview of the role, outlining its purpose, scope, and impact on the team and wider organisation.

Our SRE/Cloud Security teams are a dynamic blend of proactive defenders and inquisitive problem-solvers. We are dedicated to strengthening our systems through rigorous security reviews and hands-on penetration testing, and we actively manage our Bug Bounty program to ensure timely validation, response, and remediation. 

We leverage cutting-edge tools and techniques to build robust defenses, and collaboration is central to how we work; embedding security best practices throughout the SDLC. We continuously research emerging threats, develop effective mitigation strategies, and empower engineering teams through clear guidance and practical security training. 

We maintain up-to-date security standards and documentation, lead incident response efforts with precision, and are passionate about spreading a secure-by-design culture while contributing to the wider security community. 

What You Will Do

A concise and detailed breakdown of core responsibilities, day-to-day expectations, and key deliverables. Use 5–10 bullets max. 

  • Conduct threat modelling reviews of Technical Design Documents (TDDs) for new and existing features, providing clear, actionable security recommendations early in the design process. 

  • Perform and support application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept (PoC) development where appropriate. 

  • Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. 

  • Own and continuously improve application-layer protections, including managing and tuning Cloudflare WAF and related security controls.

  • Partner closely with engineering teams to embed security best practices throughout the SDLC, from design and development through deployment and maintenance. 

  • Research and track emerging threats and vulnerabilities, translating findings into practical mitigation strategies relevant to our technology stack. 

  • Develop and deliver security guidance, training, and awareness for engineering teams to raise the overall security maturity of the organization.

  • Contribute to the creation, maintenance, and evolution of security standards, processes, and documentation.

  • Participate in and eventually lead incident response activities, supporting investigation, containment, remediation, and post-incident improvements. 

About You

Describe the ideal candidate’s qualifications, skills, experience, and behaviours that show strong culture alignment.

Must-have experience and skills

  • You have developed a breadth of experience across multiple security domains, including web and mobile application security, infrastructure and cloud security, and can connect these areas to drive a holistic security approach. 

  • You have hands-on experience performing white-box, source code-assisted web and mobile application penetration testing, from vulnerability discovery through triage and exploitation. 

  • You have the ability to read, understand, and review source code to identify security issues, with ideally, a particular focus on JavaScript and TypeScript codebases.

  • You have a strong understanding of Threat Modelling principles and their practical application to the secure software development lifecycle (SDLC).

  • You have experience working with web application firewalls to help protect applications, assess coverage, and support tuning rules to mitigate common attack patterns. 

  • You have experience embedding application security practices into CI/CD pipelines, enabling early detection of vulnerabilities and close collaboration with engineering teams throughout the development lifecycle. 

  • You have collaborated closely with engineering teams to clearly communicate security findings, explain vulnerabilities, attack paths, and mitigations, and support the implementation of effective fixes for both technical and non-technical audiences. 

  • You are self-motivated, proactive, and take strong ownership of your work, operating effectively in a remote environment while maintaining a collaborative, team-focused mindset. 

Nice-to-have experience

  • You have experience in JavaScript and TypeScript, including the ability to read, understand, and reason about modern web application codebases. 

  • You have experience working with Cloudflare, including its hosting and Web Application Firewall (WAF) capabilities, to help secure and operate internet-facing applications. 

  • You have experience testing and securing GraphQL, REST APIs, including understanding common GraphQL/REST-specific attack vectors and security considerations. 

  • You have experience or a strong interest in Web3 security testing, including assessing smart contracts, blockchain-based applications, or Web3 integrations. 

  • You have an interest in agentic engineering, including emerging patterns in autonomous systems, tooling, or workflows, and their security implications. 

Bonus Points

Optional extras that would help a candidate stand out (keep this short).

  • You contribute or have contributed to the security community through open source involvement, participation in CTFs, or speaking at local information security meetups and conferences. 

  • Your background includes experience working with disruptive technologies and successfully launching products, ideally within FinTech, SaaS, or Crypto. 

  • You hold one or more security relevant certifications such as OSCP or OSWE. 

\\n


\\n

BLOCK Values


We’re looking for people who live our core values, those who strive for excellence and want to leave a lasting legacy on the global financial system. Our values:


B - Be Hungry

L - Level Up

O - Own It

C - Crypto Curious

K - Kaizen


Research has shown that women are less likely than men to apply for this role if they do not have experience in 100% of these areas. Please know that this list is indicative, and that we would still love to hear from you even if you feel that you are only a 75% match. Skills can be learnt, diversity cannot.


Benefits & Perks


Competitive salary package


Equity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay


Pay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards


Moonshot award. We honor exceptional impact - 10 employees twice a year, each earning a $250,000 equity grant.


Unlimited holidays: We give you the autonomy to choose when to work (and when to switch off)


Hybrid working schedule: Work fully remotely or your nearest Moonbase, the choice is yours


Private Healthcare benefits: To protect you and your loved ones


Enhanced parental leave: So you can spend more time with your loved ones without a second thought


Annual training budget: We support your training journey every step of the way


Home office setup allowance: Create the home office of your dreams


Remote working allowance: Those working fully remotely get a little extra for utilities


Monthly budget to spend on our products and zero fee crypto transactions: Cultivate your inner DEGEN


Employee referral programme: Great people know great people, refer them to receive 10K in USDC


✈️ Regular remote company offsites: Meet your colleagues regularly for high impact in person sessions and hackathons


Working in a disruptive and fast-growing company where excellence is rewarded




Commitment To Diversity


At MoonPay we believe that every voice matters. We strive to create a mindful and respectful environment where everyone can bring their authentic self to work, and experience a culture that is free of harassment, racism, and discrimination. That’s why we are committed to diversity and inclusion in the workplace and are a proud equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including, but not limited to, hiring, recruiting, promotion, termination, layoff, and leave of absence.


MoonPay is also committed to providing reasonable accommodations in our job application procedures for qualified individuals with disabilities. Please inform our Talent Team if you need any assistance completing any forms or to otherwise participate in the application process.