ZipRecruiter

Log In

1

On Call Bug Bounty Program Jobs (NOW HIRING)

SoundCloud

Principal Product Security Engineer

New York, NY ยท On-site

$190K - $220K/yr

Triage and drive to remediation submissions from our external bug bounty program * Participate in our security incident response process * Make recommendations to external teams and stakeholders ...

MoonPay

Senior Security Engineer - Automation

$117K - $160K/yr

We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...

MoonPay

Senior Security Engineer - Automation

New York, NY ยท On-site

$125K - $171K/yr

We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...

Replit

SOC Engineer

Foster City, CA ยท On-site

$180K - $250K/yr

Experience working with bug bounty programs or coordinated vulnerability disclosure workflows. * Experience in fast-paced, cloud-native, or AI/ML-driven environments. What We Value * Curiosity ...

MoonPay

Senior Security Engineer - Automation

OR ยท Remote

$117K - $160K/yr

We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...

MoonPay

Senior Security Engineer - Automation

Manhattan, NY ยท On-site

$126K - $173K/yr

We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...

Outreach

Technical Program Manager - Security

Seattle, WA ยท Remote

$130K - $170K/yr

Experience managing cross-functional, large-scale technical security programs, including the Security Vulnerability Program, Security Exceptions Program, and Bug Bounty Program * Familiar with ...

Merge API

Head of Security

San Francisco, CA ยท On-site

$240K - $280K/yr

Manage our Bug Bounty Program * Implement security controls across Merge, from infrastructure to CI * Implement and run manual and automated security practices to mitigate vulnerabilities * Assist ...

Replit

SOC Engineer

Foster City, CA ยท On-site

Experience working with bug bounty programs or coordinated vulnerability disclosure workflows. * Experience in fast-paced, cloud-native, or AI/ML-driven environments. What We Value * Curiosity ...

Anthropic

Staff+ Application Security Engineer

San Francisco, CA ยท On-site +1

$69.25 - $92.50/hr

Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with ...

Landry's

Senior Cyber Security Engineer

Houston, TX ยท On-site

Provide application security guidance and support the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. * Evaluate AI-powered tools and ...

AEG

Senior AppSec Engineer

Atlanta, GA ยท On-site

$90K - $180K/yr

Bug Bounty & Research: Help manage our bug bounty program by triaging submissions, working with researchers, and validating fixes with our engineers. * Secure AI Integration: Serve as the security ...

Outreach

Technical Program Manager - Security

Seattle, WA ยท On-site +1

$130K - $170K/yr

Experience managing cross-functional, large-scale technical security programs, including the Security Vulnerability Program, Security Exceptions Program, and Bug Bounty Program > * Familiar with ...

next page

Showing results 1-20

People also search for

All JobsOn Call Bug Bounty Program Jobs

On Call Bug Bounty Program information

See salary details

$16

$49

$78

How much do on call bug bounty program jobs pay per hour?

As of Jun 4, 2026, the average hourly pay for on call bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as an On Call Bug Bounty Program participant, and why are they important?

To thrive in an On Call Bug Bounty Program, you need strong knowledge of cybersecurity principles, vulnerability assessment, and hands-on experience in penetration testing, typically demonstrated through relevant certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and bug tracking platforms is essential for efficiently identifying and reporting security flaws. Attention to detail, persistence, and strong written communication skills help you document findings and collaborate with program stakeholders. These competencies are vital to ensure vulnerabilities are accurately detected and responsibly disclosed to protect organizational assets.

What are the main challenges faced by professionals working in an On Call Bug Bounty Program role?

Professionals in On Call Bug Bounty Program roles often encounter challenges such as managing unpredictable workloads, rapidly assessing and triaging incoming vulnerability reports, and maintaining effective communication with both internal security teams and external researchers. The on-call aspect can require quick decision-making and adaptability, especially when critical issues arise outside of regular hours. Additionally, staying updated on the latest security threats and vulnerabilities is essential to effectively prioritize and address reported bugs.

What is an On Call Bug Bounty Program?

An On Call Bug Bounty Program is a security initiative where organizations invite ethical hackers to find and report vulnerabilities in their systems on an as-needed or on-call basis. Unlike traditional bug bounty programs, this model may involve a select group of trusted researchers who are contacted to test specific features or during particular timeframes. It helps organizations quickly identify and address critical security risks, often before public launch or after significant updates. Participants receive rewards or recognition for valid vulnerability submissions, supporting a proactive approach to cybersecurity.

What is the difference between On Call Bug Bounty Program vs Penetration Tester?

AspectOn Call Bug Bounty ProgramPenetration Tester
CredentialsNone required; often self-taught or certified in security basicsCertifications like OSCP, CEH, or CISSP typically required
Work EnvironmentRemote, flexible, project-basedOften on-site or hybrid, structured engagements
Employer & Industry UsageCompanies seeking external security testing via crowdsourcingSecurity firms or internal teams conducting authorized testing
Search & Comparison IntentUnderstanding freelance or crowdsourced security testing optionsProfessional security assessment roles

The On Call Bug Bounty Program involves independent security researchers testing applications remotely on a project basis, often without formal employment. Penetration Testers are typically employed or contracted professionals with certifications, performing structured security assessments. Both roles focus on identifying vulnerabilities but differ in credentials, work environment, and engagement style.

More about On Call Bug Bounty Program jobs
What cities are hiring for On Call Bug Bounty Program jobs? Cities with the most On Call Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most On Call Bug Bounty Program jobs? States with the most job openings for On Call Bug Bounty Program jobs include:
What job categories do people searching On Call Bug Bounty Program jobs look for? The top searched job categories for On Call Bug Bounty Program jobs are:
On Call Bug Bounty Program jobs near you
Infographic showing various On Call Bug Bounty Program job openings in the United States as of May 2026, with employment types broken down into 100% Contract. Highlights an 95% Physical, 1% Hybrid, and 4% Remote job distribution, with an average salary of $103,178 per year, or $49.6 per hour.

Principal Product Security Engineer

SoundCloud

New York, NY โ€ข On-site

$190K - $220K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 16 days ago

Job description

SoundCloud empowers artists and fans to connect and share through music. Founded in 2007, SoundCloud is an artist-first platform empowering artists to build and grow their careers by providing them with the most progressive tools, services, and resources. With over 400+ million tracks from 40 million artists, the future of music is SoundCloud.
We are looking for a Principal Product Security Engineer to join our Security team!
As a Product Security Engineer, you will collaborate cross-functionally with engineering teams to identify and address potential vulnerabilities in our products and services. You will advocate and shape security best practices across SoundCloud's Engineering, Product, and Design ("EPD") organization. This position offers a unique opportunity to play a direct, pivotal role in safeguarding our products against emerging cyber threats to our platform, artists and creators, and listeners and fans.
Key Responsibilities:
  • Identify security anti-patterns in our codebases and architecture and drive cross-functional initiatives to systemically address them
  • Help guide our Engineering and Product teams around the safe and responsible use of agentic AI in our products and Software Development Lifecycle (SDLC)
  • Drive efforts to automate the security of our SDLC, including our CI/CD pipelines
  • Secure our AWS, GCP, and on-prem infrastructure through implementing proper access control and guardrails
  • Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities
  • Define, implement, and oversee processes and policies in our Vulnerability Management Program
  • Triage and drive to remediation submissions from our external bug bounty program
  • Participate in our security incident response process
  • Make recommendations to external teams and stakeholders about how to improve the consumer security of our platform
  • Promote security best practices through educational initiatives such as CTFs and technical talks
  • Improve internal tooling, processes, and documentation
  • Help to define the Product Security program and team strategy
  • Mentor and onboard team members

Experience and Background:
  • 8+ years of product or application security experience, or other relevant software engineering experience
  • Deep expertise in designing secure architecture
  • Enthusiasm about collaborating with engineering and product teams to proactively address security issues in products
  • Experience conducting threat modeling exercises and secure code reviews
  • Experience configuring DevSecOps tools (e.g. SAST, SCA, Secret Scanning)
  • Experience managing bug bounty programs
  • Familiarity with languages such as Javascript, Go, Ruby, Python, or Scala
  • Experience working with cloud providers (AWS, GCP) and Developer SaaS solutions (GitHub, Jira)
  • Familiarity with IaC tools such as Terraform and CloudFormation
  • Ability to effectively communicate risk to technical and non-technical audiences
  • Experience with data analysis (SQL) in order to determine scope and impact of vulnerabilities
  • Knowledge of industry-standard security frameworks and regulations, such as GDPR, CCPA, SOC2, NIS2, and OWASP is a plus
  • Experience with vulnerability management is a plus
  • Experience threat modelling and securing Generative AI applications & use-cases in the context of the EU AI Act is a plus
  • Experience with data governance is a plus

The salary range for this role is $190,000 - $220,000 annually. The final salary offered will be determined based on relative experience, skills, internal equity, and location. We also offer a generous total rewards program - read more about additional benefits and perks below!
About us:
  • We are a multinational company with offices in the US (New York and Los Angeles), Germany (Berlin), and the UK (London)
  • We provide a flexible work culture that offers the opportunity to collaborate and connect in person at our offices as well as accommodating work from home
  • We are deeply committed to ensuring diversity, equity and inclusion at all levels of our organization and fostering a community where everyone's voice, perspective and experience is respected and heard
  • We believe a strong team is made by investing in employees through mentorship, workshops and enrichment opportunities
Benefits:
  • Comprehensive health benefits including medical, dental, and vision plans, as well as mental health resources
  • Robust 401k program
  • Employee Equity Plan
  • Generous professional development allowance
  • Interested in a gym membership, photography course or book? We have a Creativity and Wellness benefit!
  • Flexible vacation and public holiday policy where you can take up to 35 days of PTO annually
  • 16 paid weeks for all parents (birthing and non-birthing), regardless of gender, to welcome newborns, adopted and foster children
  • Various snacks, goodies, and 2 free lunches weekly when at the office
Diversity, Equity and Inclusion at SoundCloud
SoundCloud is for everyone. Diversity and open expression are fundamental to our organization; they help us lead what's next in music by understanding and empowering our creators and fans, no matter their identity. We acknowledge the challenges in the music industry, and strive to influence an inclusive culture where everyone can contribute respectfully and thrive, especially the historically marginalized communities that many of our creators, fans and SoundClouders identify with. We are dedicated to creating an inclusive environment at SoundCloud for everyone, regardless of gender identity, sexual orientation, race, ethnicity, migration background, national origin, age, disability status, or care-giver status.
At SoundCloud you can find your community or elevate your allyship by joining a Diversity Resource Group. Diversity Resource Groups are employee-organized groups focused on supporting and promoting the interests of a particular underrepresented community in order to build a more inclusive culture at SoundCloud. Anyone can join, whether you share the identity or strive to be an ally.

Apply