1

On Call Bug Bounty Program Jobs (NOW HIRING)

Technical Program Manager, Bug Bounty

Seattle, WA · On-site

$146K - $190K/yr

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Technical Program Manager, Bug Bounty

Seattle, WA · On-site

$146K - $190K/yr

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...

Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...

Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Senior Application Security Engineer

Broomfield, CO · On-site

$59.25 - $79/hr

You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ... Strong incident response skills and experience participating in on-call rotations. * Excellent ...

next page

Showing results 1-20

On Call Bug Bounty Program information

See salary details

$16

$49

$78

How much do on call bug bounty program jobs pay per hour?

As of Jul 5, 2026, the average hourly pay for on call bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.

How do I join a bug bounty program?

To join a bug bounty program, you typically need to register on the platform hosting the program, such as HackerOne or Bugcrowd, and agree to their rules. You should have skills in security testing, familiarity with bug tracking tools, and often a basic understanding of web or application security. Participation usually involves submitting vulnerabilities according to program guidelines and may require a valid security researcher profile.

Will Facebook pay $500 if you find a bug in their code?

As an On Call Bug Bounty Program participant, Facebook offers rewards that vary depending on the severity and impact of the bug discovered. While some bugs may be rewarded with $500 or more, payouts are determined by Facebook's bug bounty guidelines and the quality of the report. Researchers should review Facebook's bug bounty program rules for specific payout details and submission criteria.

What is an On Call Bug Bounty Program?

An On Call Bug Bounty Program is a security initiative where organizations invite ethical hackers to find and report vulnerabilities in their systems on an as-needed or on-call basis. Unlike traditional bug bounty programs, this model may involve a select group of trusted researchers who are contacted to test specific features or during particular timeframes. It helps organizations quickly identify and address critical security risks, often before public launch or after significant updates. Participants receive rewards or recognition for valid vulnerability submissions, supporting a proactive approach to cybersecurity.

Is AI killing bug bounty?

AI is transforming bug bounty programs by automating vulnerability detection and analysis, which can increase efficiency but also change the nature of the work for security researchers. While AI tools can assist bug bounty hunters in identifying issues faster, human expertise remains essential for complex vulnerabilities and creative testing. The role of bug bounty programs continues to evolve alongside advancements in AI technology.

What are the main challenges faced by professionals working in an On Call Bug Bounty Program role?

Professionals in On Call Bug Bounty Program roles often encounter challenges such as managing unpredictable workloads, rapidly assessing and triaging incoming vulnerability reports, and maintaining effective communication with both internal security teams and external researchers. The on-call aspect can require quick decision-making and adaptability, especially when critical issues arise outside of regular hours. Additionally, staying updated on the latest security threats and vulnerabilities is essential to effectively prioritize and address reported bugs.

What are the key skills and qualifications needed to thrive as an On Call Bug Bounty Program participant, and why are they important?

To thrive in an On Call Bug Bounty Program, you need strong knowledge of cybersecurity principles, vulnerability assessment, and hands-on experience in penetration testing, typically demonstrated through relevant certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and bug tracking platforms is essential for efficiently identifying and reporting security flaws. Attention to detail, persistence, and strong written communication skills help you document findings and collaborate with program stakeholders. These competencies are vital to ensure vulnerabilities are accurately detected and responsibly disclosed to protect organizational assets.

How much do you get paid for bug bounties?

Bug bounty programs pay security researchers, including those participating in on-call bug bounty roles, based on the severity and impact of the vulnerabilities they discover. Payments can range from a few hundred to hundreds of thousands of dollars per bug, with high-severity issues typically earning higher rewards. Compensation varies by program, platform, and the complexity of the vulnerabilities found.

What is the difference between On Call Bug Bounty Program vs Penetration Tester?

AspectOn Call Bug Bounty ProgramPenetration Tester
CredentialsNone required; often self-taught or certified in security basicsCertifications like OSCP, CEH, or CISSP typically required
Work EnvironmentRemote, flexible, project-basedOften on-site or hybrid, structured engagements
Employer & Industry UsageCompanies seeking external security testing via crowdsourcingSecurity firms or internal teams conducting authorized testing
Search & Comparison IntentUnderstanding freelance or crowdsourced security testing optionsProfessional security assessment roles

The On Call Bug Bounty Program involves independent security researchers testing applications remotely on a project basis, often without formal employment. Penetration Testers are typically employed or contracted professionals with certifications, performing structured security assessments. Both roles focus on identifying vulnerabilities but differ in credentials, work environment, and engagement style.

More about On Call Bug Bounty Program jobs
What cities are hiring for On Call Bug Bounty Program jobs? Cities with the most On Call Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most On Call Bug Bounty Program jobs? States with the most job openings for On Call Bug Bounty Program jobs include:
What job categories do people searching On Call Bug Bounty Program jobs look for? The top searched job categories for On Call Bug Bounty Program jobs are:
Infographic showing various On Call Bug Bounty Program job openings in the United States as of June 2026, with employment types broken down into 3% As Needed, 84% Full Time, 3% Temporary, 7% Contract, and 3% Nights. Highlights an 94% Physical, 1% Hybrid, and 5% Remote job distribution, with an average salary of $103,178 per year, or $49.6 per hour.
Technical Program Manager, Bug Bounty

Technical Program Manager, Bug Bounty

Amazon

Seattle, WA • On-site

$146K - $190K/yr

Full-time

Posted 13 days ago


Amazon rating

7.4

Company rating: 7.4 out of 10

Based on 6,925 frontline employees who took The Breakroom Quiz

6th of 39 rated national retailers


Job description

Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex, cross-functional programs that improve how we identify, triage, and resolve externally reported security vulnerabilities. You'll work across engineering, security, and business teams to improve processes, remove roadblocks, and ensure researchers have the access and support they need to help raise our security bar.
You'll partner with internal teams to close vulnerabilities quickly and effectively, and you'll help shape the future of how Amazon engages with the global security research community

This is a fast-paced, high-impact role that requires strong ownership, sound judgment, and the ability to dive deep into technical problems while keeping stakeholders aligned.
Key job responsibilities
- Lead technical programs that improve how Amazon responds to externally reported vulnerabilities
- Define and scale internal processes for vulnerability intake, triage, and resolution
- Build durable solutions that reduce repeat issues through automation, better tooling, and improved service team accountability
- Collaborate with partner teams to improve test account support and ensure researchers have the access they need to test securely and effectively
- Communicate clearly and regularly with senior leaders, engineering teams, and external researchers
- Own the long-term roadmap for specific areas of the Bug Bounty program and influence the broader team strategy
A day in the life
You will spend most days working with engineers, builder teams, and partner teams to improve how we handle bug bounty findings. You might be mapping out a plan to improve processes, coordinating across teams to roll out new tools, or identifying where we need better support for internal owners. Some days will focus on clearing blockers and aligning stakeholders

Others will focus on building the right systems to scale the program as Amazon grows.
About the team
The Bug Bounty team helps protect Amazon and its customers by working with external security researchers who report vulnerabilities in our public-facing services. We partner with security engineers and builder teams across the company to investigate findings, improve our response processes, and build systems that scale. Our mission is to raise the security bar across Amazon by learning from every bug

We value clear thinking, sound judgment, and strong ownership, and we work every day to make Amazon more secure for customers around the world.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences

Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness

Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture

When we feel supported in the workplace and at home, there's nothing we can't achieve.


What Amazon employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom


Amazon logo

About Amazon

Sourced by ZipRecruiter

Amazon.com, Inc., commonly known as Amazon, is an American multinational technology company. It was founded by Jeff Bezos in 1994 and initially started as an online marketplace for books. Since then, Amazon has expanded its operations and become one of the largest e-commerce companies in the world. Amazon's primary business is its online retail platform, where customers can purchase a vast array of products, including electronics, clothing, books, home goods, and much more. The company offers a convenient and user-friendly shopping experience, with features such as fast shipping, customer reviews, and personalized recommendations. In addition to its e-commerce platform, Amazon has diversified its business into various other areas. One of its notable ventures is Amazon Web Services (AWS), a comprehensive cloud computing platform that provides services such as storage, compute power, and database management to individuals and businesses. AWS has become a leader in the cloud computing industry, powering many websites and applications worldwide. Amazon has also developed its own consumer electronics, including the popular Amazon Kindle e-reader, Fire tablets, Fire TV streaming devices, and the Alexa-powered Echo smart speakers. The Alexa voice assistant, integrated into these devices, allows users to interact with their devices using voice commands, perform tasks, and access information. Furthermore, Amazon has expanded into media and entertainment. It operates Prime Video, a streaming service that offers a wide range of movies, TV shows, and original content. Amazon Music provides a platform for streaming and purchasing digital music, while Audible offers audiobooks and other audio content. The company's commitment to customer satisfaction and convenience is demonstrated by its membership program, Amazon Prime. Prime members receive various benefits, including free two-day shipping, access to streaming services, exclusive deals, and more.

Industry

It services, book publishers, retail, real estate and computer and electronic product manufacturing

Company size

10,000+ Employees

Headquarters location

Seattle, WA, US