ZipRecruiter

Log In

1

Independent Security Researcher Jobs (NOW HIRING)

SAS

Application Security Engineer- Remote

$60.25 - $80.25/hr

Triage security findings received through a public bug bounty program, communicating with both the developers and independent security researchers * Perform Security Assessments & Assist in ...

BespokeLabs.AI, Inc

Cybersecurity Expert - RL

About the Role As our Cybersecurity Researcher, you will own the intersection of AI and cyber ... Run independent security audits and penetration tests across systems and infrastructure * Identify ...

New

Veracode

Security Research Architect

Burlington, MA · On-site

Up to 20% of your time will be allocated for independent research, and this means you'll need ... Careers Veracode was founded by world-class security experts - and it continues to attract top ...

next page

Showing results 1-20

People also search for

All JobsIndependent Security Researcher Jobs

Independent Security Researcher information

See salary details

$47

$51

$54

How much do independent security researcher jobs pay per hour?

As of May 29, 2026, the average hourly pay for independent security researcher in the United States is $51.44, according to ZipRecruiter salary data. Most workers in this role earn between $49.76 and $53.12 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as an Independent Security Researcher, and why are they important?

To thrive as an Independent Security Researcher, you need a deep understanding of cybersecurity principles, vulnerability assessment, and programming or scripting languages, often supported by a relevant degree or recognized certifications like OSCP or CEH. Familiarity with penetration testing tools (e.g., Metasploit, Burp Suite), operating systems, and responsible disclosure processes is essential. Critical thinking, persistence, and effective communication help researchers uncover vulnerabilities and share findings responsibly. These skills are crucial to identifying security weaknesses, protecting systems, and building trust within the cybersecurity community.

What are some common challenges Independent Security Researchers face when working with organizations to disclose vulnerabilities?

Independent Security Researchers often encounter challenges such as varying responsiveness from organizations, legal ambiguity regarding responsible disclosure, and the need to clearly communicate technical findings to non-technical stakeholders. Establishing trust and credibility is essential, as some companies may initially be skeptical or unresponsive to external reports. Researchers must also stay current with evolving disclosure policies and frameworks to ensure their work is ethical and recognized, which often involves participating in bug bounty programs or coordinated vulnerability disclosure platforms.

What is an independent security researcher?

An independent security researcher is a professional who investigates and analyzes computer systems, networks, and software for vulnerabilities, often working outside of formal employment with a company or organization. These researchers typically identify security flaws, report them to affected parties, and may participate in bug bounty programs or publish their findings for public awareness. They play a vital role in the cybersecurity ecosystem by helping to uncover and address security weaknesses before malicious actors can exploit them.

What is the difference between Independent Security Researcher vs Penetration Tester?

AspectIndependent Security ResearcherPenetration Tester
CertificationsOSCP, CEH, CISSPOSCP, CEH, GPEN
Work EnvironmentSelf-directed, often freelance or contract-basedTypically employed by security firms or organizations
Industry UsageResearching vulnerabilities, discovering exploits, publishing findingsSimulating attacks to test security defenses

While both roles focus on cybersecurity, Independent Security Researchers primarily discover and analyze vulnerabilities independently, often publishing their findings. Penetration Testers conduct controlled security assessments for organizations, focusing on exploiting vulnerabilities to evaluate defenses. Both roles require similar certifications and skills but differ in work setting and objectives.

More about Independent Security Researcher jobs
What job categories do people searching Independent Security Researcher jobs look for? The top searched job categories for Independent Security Researcher jobs are:
Independent Security Researcher jobs near you
Infographic showing various Independent Security Researcher job openings in the United States as of May 2026, with employment types broken down into 1% As Needed, 64% Full Time, 26% Part Time, and 9% Contract. Highlights an 92% Physical, and 8% Remote job distribution, with an average salary of $107,000 per year, or $51.4 per hour.
Senior Vulnerability Researcher (Cyber254)

Senior Vulnerability Researcher (Cyber254)

Research Innovations

San Antonio, TX • On-site

Full-time

Posted 21 days ago

Job description

Position Title: Senior Security Researcher
Location: St. Petersburg, FL \u007C Melbourne, FL \u007C San Antonio, TX
Clearance Requirement: Top Secret/SCI
Employment type: Full Time
Research Innovations Inc. (RII) is redefining defense technology. We combine mission-driven impact with cutting-edge research and a culture that values autonomy, creativity, and technical excellence.
 
We are seeking security researchers to independently explore and exploit complex systems, from kernels to embedded platforms, to solve the unsolvable. This role combines deep technical problem-solving with real-world impact on defense and homeland security systems. Get s#it done.
 
This position requires an Active US Top Secret security clearance, and the ability to upgrade to TS/SCI Special Access Program access
WHAT YOU WILL BE DOING

  • Leading advanced vulnerability research efforts across operating systems, kernels, firmware, hypervisors, embedded platforms, and complex application stacks.

  • Independently scoping ambiguous or underexplored attack surfaces and driving research from initial hypothesis through validated findings.

  • Performing deep reverse engineering and in-memory analysis of compiled binaries across multiple architectures (x86/x64, ARM, PowerPC, etc.).

  • Designing and executing novel exploitation techniques and mitigation evaluations, including identifying real-world weaknesses in modern defense mechanisms.

  • Analyzing undocumented or partially documented system behavior and extending internal interfaces or tooling to support research goals.

  • Collaborating with other senior researchers to shape technical direction, review complex work, and raise the overall quality of research output.

  • Translating low-level technical findings into clear, actionable insights for internal stakeholders and, when appropriate, customers.

  • Contributing to research culture through mentorship, knowledge sharing, and improvements to tools, methodologies, and workflows.

WHAT YOU HAVE DONE

  • Conducted high-impact vulnerability research on real-world systems with minimal guidance, producing findings that influenced security decisions or mitigations.

  • Demonstrated deep understanding of operating system internals (Windows, Linux, macOS), kernel subsystems, and low-level execution models.

  • Reverse engineered complex binaries, firmware, or kernel components and reasoned about their behavior in memory.

  • Developed proof-of-concept exploits or mitigation bypasses that go beyond simple crashes and demonstrate meaningful impact.

  • Shown strong intuition for exploit mitigations such as ASLR, DEP/NX, stack canaries, CFI, and where their assumptions break down.

  • Written research tooling, scripts, or frameworks (e.g., Python, C/C++) to support analysis, exploitation, or automation.

  • Collaborated closely with other researchers, provided technical feedback, and influenced how work is approached or evaluated.

  • Communicated complex technical concepts clearly in writing and discussion, including with other experts.

EVEN BETTER

  • Experience with hypervisors, virtualization stacks, firmware boot chains, or trusted execution environments.

  • Background in embedded systems, RTOS environments, or mobile platforms (iOS/Android).

  • Familiarity with networking or wireless stacks (Wi-Fi, Bluetooth, cellular) and their security models.

  • Contributions to the vulnerability research community (publications, talks, open source).

  • Experience with symbolic execution, constraint solving, fuzzing frameworks, or advanced program analysis techniques.

  • Malware analysis experience, including deobfuscation, behavioral analysis, or adversarial tooling.

  • Interest in shaping long-term research direction, mentoring other researchers, or acting as a technical authority without moving into management.

REFERRALS
Know someone who would make a great Senior Vulnerability Researcher? Refer them at www.researchinnovations.com/external-referrals!
At RII, we believe that diversity in our workforce is critical to our success. We strive to hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes us stronger. We work to help your intellectual passions and creativity thrive. It’s one of our core values: Let your geek flag fly.
 
We also offer all employees comprehensive benefits including: flexible work schedules, health insurance coverage, paid time off, 401k with a company match, paid parental leave, access to wellness programs and much more. You get this all from day one, and all paid for by RII. It’s all part of another of our core values: Stay human. It’s why our comfortable and colorful offices such as our headquarters, include a community game room, pantry, massage chair, and an escape room, among other amenities. It’s why we have community ambassadors and regular community events.
 
Research Innovations, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, gender identity or expression, national origin, genetics, disability status, protected veteran status, age, or any other characteristic protected by state, federal or local law.
#LI-AC1

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.