The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...
The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system." What you'll do We seek a highly technical and detail-oriented ...
With a growing engineering org, an active bug bounty program fielding 30+ open submissions at any given time, and products going live across smart contracts, backend services, and infrastructure ...
With a growing engineering org, an active bug bounty program fielding 30+ open submissions at any given time, and products going live across smart contracts, backend services, and infrastructure ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Bug Bounty & Vulnerability Disclosure Program Management * Design and evolve the bug bounty program, including scope, rules, and reward structures. * Manage platform selection, private vs. public ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Bug Bounty & Vulnerability Disclosure Program Management * Design and evolve the bug bounty program, including scope, rules, and reward structures. * Manage platform selection, private vs. public ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Quick apply
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Senior Product Security Engineer
OR · On-site +1
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Senior Product Security Engineer
OR · On-site +1
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Senior Vulnerability Engineer
$117K - $160K/yr
You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.
Senior Vulnerability Engineer
$117K - $160K/yr
You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Senior Product Security Engineer
$117K - $160K/yr
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
Senior Product Security Engineer
$117K - $160K/yr
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. * Security Automation : Develop and implement ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
You will combine hands-on technical leadership with people management, overseeing programs that include subcomponents of Apple's bug bounty program, proactive vulnerability discovery, WAF rule ...
Partner cross-functionally with Product Engineering, Legal, Security Engineering Platform, Data teams and XFN partners to execute rigorous, agent enabled cross-brand Bug Bounty Program, Penetration ...
Partner cross-functionally with Product Engineering, Legal, Security Engineering Platform, Data teams and XFN partners to execute rigorous, agent enabled cross-brand Bug Bounty Program, Penetration ...
Senior Application Security Engineer (Offensive / Red Team)
$117K - $160K/yr
Bug Bounty Program Management: Manage the bug bounty program end to end - triage, impact assessment, risk scoring (CVSS), locating vulnerable code, providing mitigation guidance, thorough re-testing ...
Senior Application Security Engineer (Offensive / Red Team)
$117K - $160K/yr
Bug Bounty Program Management: Manage the bug bounty program end to end - triage, impact assessment, risk scoring (CVSS), locating vulnerable code, providing mitigation guidance, thorough re-testing ...
Head of Security
San Francisco, CA · On-site
... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...
Head of Security
San Francisco, CA · On-site
... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...
Overnight Bug Bounty Program information
See salary details
$16.35 - $22.01
6% of jobs
$22.01 - $27.67
14% of jobs
$31.30 is the 25th percentile. Wages below this are outliers.
$27.67 - $33.33
7% of jobs
$33.33 - $38.99
1% of jobs
$38.99 - $44.65
13% of jobs
The median wage is $47.88 / hr.
$44.65 - $50.31
15% of jobs
$50.31 - $55.97
3% of jobs
$55.97 - $61.63
9% of jobs
$65.30 is the 75th percentile. Wages above this are outliers.
$61.63 - $67.29
11% of jobs
$67.29 - $72.95
15% of jobs
$72.95 - $78.61
6% of jobs
$16
$49
$78
How much do overnight bug bounty program jobs pay per hour?
As of Jun 20, 2026, the average hourly pay for overnight bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.
Which bug bounty pays the most?
In bug bounty programs, payouts vary depending on the severity and impact of the vulnerability, with high-impact bugs such as remote code execution or data breaches often earning the highest rewards, sometimes reaching hundreds of thousands of dollars. Platforms like HackerOne and Bugcrowd host programs that offer large bounties for critical vulnerabilities, especially from well-funded organizations or those with high security standards. Successful bug bounty hunters typically have strong technical skills, knowledge of security testing tools, and an understanding of the target company's infrastructure.
What is an Overnight Bug Bounty Program?
An Overnight Bug Bounty Program is a cybersecurity initiative where companies invite ethical hackers to identify and report security vulnerabilities in their systems during a designated overnight period. These programs are often time-limited and focus on rapid discovery and remediation of critical issues while minimizing disruption to business operations. Participants are rewarded based on the severity and validity of the bugs they report, helping organizations improve their security posture quickly. This approach leverages the fresh perspective and expertise of the broader security community in a concentrated timeframe.
Will Facebook pay $500 if you find a bug in their code?
As an Overnight Bug Bounty Program participant, Facebook offers monetary rewards for qualifying security vulnerabilities, with payouts varying based on the severity and impact of the bug. While some bounties can reach or exceed $500, the exact amount depends on the specific vulnerability and program guidelines. Participants should review Facebook's bug bounty policies for detailed payout information.
How do I join a bug bounty program?
To join an overnight bug bounty program, you typically need to register on the platform hosting the program, such as HackerOne or Bugcrowd, and agree to their rules. You should have skills in security testing, familiarity with bug tracking tools, and often a basic understanding of web or application security. Participation usually involves submitting identified vulnerabilities according to program guidelines and may require a valid account or profile setup.
What are the typical challenges faced when working in an overnight bug bounty program role?
Working overnight in a bug bounty program often involves managing the difficulties of non-traditional hours, such as adjusting your sleep schedule and maintaining focus during late-night shifts. You may also encounter challenges in effectively communicating with global teams or program managers who operate during standard business hours. Additionally, handling urgent vulnerability reports and ensuring timely responses can be demanding, but it offers the opportunity to develop strong problem-solving skills and build a reputation in the cybersecurity community. Collaboration with other security researchers and clear documentation are key to success in this dynamic environment.
What are the key skills and qualifications needed to thrive as an Overnight Bug Bounty Program participant, and why are they important?
To excel in an Overnight Bug Bounty Program, you need strong knowledge of cybersecurity fundamentals, ethical hacking techniques, and vulnerability assessment, often backed by practical experience or relevant certifications such as CEH or OSCP. Familiarity with tools like Burp Suite, Metasploit, Nmap, and bug bounty platforms such as HackerOne or Bugcrowd is essential. Attention to detail, persistence, and clear written communication set top performers apart in this field. These skills and qualities are crucial to effectively identify, document, and report security flaws, ensuring both personal success and improved security for participating organizations.
How much money can you make doing bug bounties?
The earnings for an Overnight Bug Bounty Program can vary widely, with top hackers earning hundreds of thousands of dollars annually by finding critical vulnerabilities. Most bug bounty hunters earn from a few hundred to several thousand dollars per bug, depending on the severity and scope of the vulnerabilities discovered, as well as their skill level and reputation in the community.
More about Overnight Bug Bounty Program jobs
What cities are hiring for Overnight Bug Bounty Program jobs? Cities with the most Overnight Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Overnight Bug Bounty Program jobs? States with the most job openings for Overnight Bug Bounty Program jobs include:
What job categories do people searching Overnight Bug Bounty Program jobs look for? The top searched job categories for Overnight Bug Bounty Program jobs are:
Job description
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
About Stripe
Sourced by ZipRecruiter
Industry
Software development
Company size
1,001 - 5,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2010