On Call Bug Bounty Program Jobs (NOW HIRING)

Staff+ Application Security Engineer

$60.25 - $80.25/hr

Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with ...

Staff+ Application Security Engineer

Seattle, WA · On-site

$67 - $89.50/hr

Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with ...

... our bug bounty program end to end: triage, response, remediation, and researcher communication • Partner with Engineering to embed secure design patterns and security review into how we ship ...

Manage a vulnerability management program, vulnerability scanning tools and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs. * Help operate and improve ...

Application Security Engineer

Pittsburgh, PA · On-site

$57 - $76.25/hr

... Bug Bounty program, tracking and prioritizing remediation against defined SLAs. • Help operate and improve Bot Management, WAF, secrets management, and API security controls across Wolfe ...

CNO Developer

Chantilly, VA · On-site

$129K - $177K/yr

Desire to contribute to CTF events, bug bounty programs, and speaking at the security conferences * Rapid Prototype Software Development Security Clearance: * Active TS/SCI level clearance. Must be ...

On Call Bug Bounty Program information

How much do on call bug bounty program jobs pay per hour?

As of Jul 5, 2026, the average hourly pay for on call bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.

How do I join a bug bounty program?

To join a bug bounty program, you typically need to register on the platform hosting the program, such as HackerOne or Bugcrowd, and agree to their rules. You should have skills in security testing, familiarity with bug tracking tools, and often a basic understanding of web or application security. Participation usually involves submitting vulnerabilities according to program guidelines and may require a valid security researcher profile.

Will Facebook pay $500 if you find a bug in their code?

For On Call Bug Bounty Program participants, Facebook offers rewards that vary depending on the severity and impact of the bug discovered. While some bugs may be rewarded with $500 or more, payouts are determined by Facebook's bug bounty guidelines and the quality of the report. Researchers should review Facebook's bug bounty program rules for specific payout details and submission criteria.

What is an On Call Bug Bounty Program?

An On Call Bug Bounty Program is a security initiative where organizations invite ethical hackers to find and report vulnerabilities in their systems on an as-needed or on-call basis. Unlike traditional bug bounty programs, this model may involve a select group of trusted researchers who are contacted to test specific features or during particular timeframes. It helps organizations quickly identify and address critical security risks, often before public launch or after significant updates. Participants receive rewards or recognition for valid vulnerability submissions, supporting a proactive approach to cybersecurity.

Is AI killing bug bounty?

AI is transforming bug bounty programs by automating vulnerability detection and analysis, which can increase efficiency but also change the nature of the work for security researchers. While AI tools can assist bug bounty hunters in identifying issues faster, human expertise remains essential for complex vulnerabilities and creative testing. The role of bug bounty programs continues to evolve alongside advancements in AI technology.

What are the main challenges faced by professionals working in an On Call Bug Bounty Program role?

Professionals in On Call Bug Bounty Program roles often encounter challenges such as managing unpredictable workloads, rapidly assessing and triaging incoming vulnerability reports, and maintaining effective communication with both internal security teams and external researchers. The on-call aspect can require quick decision-making and adaptability, especially when critical issues arise outside of regular hours. Additionally, staying updated on the latest security threats and vulnerabilities is essential to effectively prioritize and address reported bugs.

What are the key skills and qualifications needed to thrive as an On Call Bug Bounty Program participant, and why are they important?

To thrive in an On Call Bug Bounty Program, you need strong knowledge of cybersecurity principles, vulnerability assessment, and hands-on experience in penetration testing, typically demonstrated through relevant certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and bug tracking platforms is essential for efficiently identifying and reporting security flaws. Attention to detail, persistence, and strong written communication skills help you document findings and collaborate with program stakeholders. These competencies are vital to ensure vulnerabilities are accurately detected and responsibly disclosed to protect organizational assets.

How much do you get paid for bug bounties?

Bug bounty programs pay security researchers, including those participating in on-call bug bounty roles, based on the severity and impact of the vulnerabilities they discover. Payments can range from a few hundred to hundreds of thousands of dollars per bug, with high-severity issues typically earning higher rewards. Compensation varies by program, platform, and the complexity of the vulnerabilities found.

What is the difference between On Call Bug Bounty Program vs Penetration Tester?

Aspect | On Call Bug Bounty Program | Penetration Tester
Credentials | None required; often self-taught or certified in security basics | Certifications like OSCP, CEH, or CISSP typically required
Work Environment | Remote, flexible, project-based | Often on-site or hybrid, structured engagements
Employer & Industry Usage | Companies seeking external security testing via crowdsourcing | Security firms or internal teams conducting authorized testing
Search & Comparison Intent | Understanding freelance or crowdsourced security testing options | Professional security assessment roles

The On Call Bug Bounty Program involves independent security researchers testing applications remotely on a project basis, often without formal employment. Penetration Testers are typically employed or contracted professionals with certifications, performing structured security assessments. Both roles focus on identifying vulnerabilities but differ in credentials, work environment, and engagement style.

Infographic showing various On Call Bug Bounty Program job openings in the United States as of June 2026, with employment types broken down into 3% As Needed, 84% Full Time, 3% Temporary, 7% Contract, and 3% Nights. Highlights a 94% Physical, 1% Hybrid, and 5% Remote job distribution, with an average salary of $103,178 per year, or $49.6 per hour.

Staff+ Application Security Engineer

Anthropic

Remote

$60.25 - $80.25/hr

Other

PTO

Posted 5 days ago


Job description

Staff+ Application Security Engineer

Remote-Friendly (Travel-Required) | San Francisco, CA | Seattle, WA | New York City, NY

About Anthropic

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Role:

The Application Security team is at the forefront of building security into every phase of the software development lifecycle at Anthropic. In this hands-on technical role, you will partner closely with our software engineers and researchers to ensure that security is a core consideration from initial design through implementation. You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Your insights will shape our tooling, detection capabilities, and defenses against emerging threats to AI/ML. You'll develop the standards, processes, and educational resources that enable all Anthropic engineers to be security champions. This high-impact role demands a security practitioner who can think like an attacker, has a developer mindset, and can build strong relationships.

Responsibilities:
  • Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
  • Lead "shift left" security efforts to build security into the software development lifecycle.
  • Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities.
  • Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices.
  • Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale.
  • Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community.
  • Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development.
  • Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers.

You May Be a Good Fit If You:
  • Have 7+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments.
  • Have strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java).
  • Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle.
  • Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls.
  • Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface.
  • Are keen to distill complex security concepts into clear actions and drive consensus without direct authority.
  • Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education.
  • Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes.
  • Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses.
  • Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives.
  • Advocate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity that could sub-linearly scale security through smart design.

Strong Candidates May Also:
  • Have hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP.
  • Have exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises.
  • Have familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations.
  • Have experience building security tools, applications, and automated tools.
  • Have solid foundational knowledge of both software and security engineering principles and be keen to continue learning.
  • Have excellent communication skills and be able to distill complex security topics for broad audiences.
  • Have worked and thrived in fast-paced environments and be comfortable navigating ambiguity.

The annual compensation range for this role is listed below. For sales roles, the range provided is the role's On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role.

Annual Salary:

$405,000 - $485,000 USD

Logistics

Minimum education: Bachelor's degree or an equivalent combination of education, training, and/or experience

Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience

Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position

Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How We're Different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.

Come Work With Us!

Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues.

Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process.