ZipRecruiter

Log In

1

Overnight Bug Bounty Program Jobs (NOW HIRING)

Prudential

Lead, Offensive Security Engineer

Newark, NJ · On-site

Support Bug Bounty Programs : Participate in and enhance the bug bounty program by validating submissions, providing detailed analysis, and collaborating with researchers and internal stakeholders to ...

shutterfly

Senior Application Security Engineer II

$60.25 - $80.25/hr

Manage our bug bounty program including triage, assessing impact, risk scoring (CVSS), helping to locate the vulnerable code, providing mitigation guidance, performing thorough re-testing, and ...

Adobe

Product Security Engineer

San Jose, CA · On-site

... handle bug bounty reports, and collaborate with various teams to enhance Adobe's security initiatives. Responsibilities : • Support the security testing program's initiatives to ensure ...

Keeper Security

Senior Vulnerability Engineer

$117.20K - $160.70K/yr

You will also support offensive security initiatives, including penetration testing, red teaming, and bug bounty programs, ensuring findings are actionable and embedded into engineering workflows.

Adobe

Product Security Engineer

San Jose, CA

Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...

Adobe, Inc.

Product Security Engineer

San Jose, CA · On-site

Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of security issues through ongoing engagement with engineering teams. Capture all relevant data and results ...

World

Senior Product Security Engineer

San Francisco, CA · On-site

$134.90K - $185K/yr

... bug bounty programs to keep pace with a rapidly growing engineering organization. Qualifications : Required : • 6+ years of hands-on experience in Product Security, Application Security, or Cloud ...

World

Staff Product Security Engineer

San Francisco, CA · On-site

... bug bounty programs to keep pace with a rapidly growing engineering organization. Qualifications : Required : • 12+ years of hands-on experience in Product Security, Application Security, or Cloud ...

Polymarket

Application Security Engineer

New York, NY · On-site

$180K - $250K/yr

Manage the external penetration testing program and own the bug bounty program end-to-end: triage, severity calibration, researcher communication, and payout coordination * Track and drive ...

Ramp

Security Engineer, Product

... our bug bounty program • Partner with engineering teams to design and deploy solutions which are inherently secure • Champion the use of tooling (linters, static analysis, posture assessment ...

Merge

Head of Security

Manhattan, NY · On-site

... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...

next page

Showing results 1-20

All JobsBug Bounty Program JobsOvernight Bug Bounty Program Jobs

Overnight Bug Bounty Program information

See salary details

$16

$49

$78

How much do overnight bug bounty program jobs pay per hour?

As of May 31, 2026, the average hourly pay for overnight bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as an Overnight Bug Bounty Program participant, and why are they important?

To excel in an Overnight Bug Bounty Program, you need strong knowledge of cybersecurity fundamentals, ethical hacking techniques, and vulnerability assessment, often backed by practical experience or relevant certifications such as CEH or OSCP. Familiarity with tools like Burp Suite, Metasploit, Nmap, and bug bounty platforms such as HackerOne or Bugcrowd is essential. Attention to detail, persistence, and clear written communication set top performers apart in this field. These skills and qualities are crucial to effectively identify, document, and report security flaws, ensuring both personal success and improved security for participating organizations.

What are the typical challenges faced when working in an overnight bug bounty program role?

Working overnight in a bug bounty program often involves managing the difficulties of non-traditional hours, such as adjusting your sleep schedule and maintaining focus during late-night shifts. You may also encounter challenges in effectively communicating with global teams or program managers who operate during standard business hours. Additionally, handling urgent vulnerability reports and ensuring timely responses can be demanding, but it offers the opportunity to develop strong problem-solving skills and build a reputation in the cybersecurity community. Collaboration with other security researchers and clear documentation are key to success in this dynamic environment.

What is an Overnight Bug Bounty Program?

An Overnight Bug Bounty Program is a cybersecurity initiative where companies invite ethical hackers to identify and report security vulnerabilities in their systems during a designated overnight period. These programs are often time-limited and focus on rapid discovery and remediation of critical issues while minimizing disruption to business operations. Participants are rewarded based on the severity and validity of the bugs they report, helping organizations improve their security posture quickly. This approach leverages the fresh perspective and expertise of the broader security community in a concentrated timeframe.
More about Overnight Bug Bounty Program jobs
What cities are hiring for Overnight Bug Bounty Program jobs? Cities with the most Overnight Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Overnight Bug Bounty Program jobs? States with the most job openings for Overnight Bug Bounty Program jobs include:
What job categories do people searching Overnight Bug Bounty Program jobs look for? The top searched job categories for Overnight Bug Bounty Program jobs are:
Overnight Bug Bounty Program jobs near you
Infographic showing various Overnight Bug Bounty Program job openings in the United States as of May 2026, with employment types broken down into 76% Full Time, 18% Part Time, and 6% Contract. Highlights an 76% In-person, and 24% Remote job distribution, with an average salary of $103,178 per year, or $49.6 per hour.
Product Security Engineer (PSIRT - Product Security Incident Response Team)

Product Security Engineer (PSIRT - Product Security Incident Response Team)

Replit

Foster City, CA • On-site

$180K - $325K/yr

Full-time

Medical, Dental, Vision, Life, Retirement

Posted 10 days ago

Job description

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
About the Role
We are looking for a highly skilled PSIRT Engineer to lead the vulnerability response program for Replit's cloud-native AI platform. You will own the lifecycle of security vulnerabilities affecting our products and services-from intake to validation, remediation coordination, and public disclosure.
This role requires strong technical ability to reproduce vulnerabilities, deep understanding of web/app/cloud exploit classes, and experience operating bug bounty and coordinated disclosure programs. You will work closely with Engineering, Cloud Security, SecOps, SRE, and IT teams to ensure vulnerabilities are fixed quickly and communicated responsibly.
What You'll Do
Vulnerability Intake, Triage & Validation
  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
  • Independently validate, reproduce, severity-score, and document findings.
  • Identify duplicates and maintain a clean vulnerability records pipeline.
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (Oauth, OIDC).
Remediation Coordination & SLA Management
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
  • Track SLAs, remediation progress, regression testing, and systemic improvements.
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.
Bug Bounty & Vulnerability Disclosure Program Management
  • Design and evolve the bug bounty program, including scope, rules, and reward structures.
  • Manage platform selection, private vs. public launches, and community engagement.
  • Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
  • Determine reward payouts, bonus decisions, and recognition for top contributors.
Coordinated Disclosure & CVE Management
  • Lead the coordinated vulnerability disclosure process for internal and external findings.
  • Negotiate disclosure timelines with researchers and partners.
  • Coordinate CVE assignments and publications, and prepare customer/public advisories.

Required Skills
  • Experience running or triaging for bug bounty programs (HackerOne ideally).
  • Strong ability to triage, validate, and reproduce vulnerabilities independently.
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.

Nice to Have
  • Scripting or automation experience (Python, Go, Bash).
  • Pentesting background or exposure to offensive security work.
  • Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
  • Experience authoring public advisories or CVE writeups.
  • Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
Competitive Salary & Equity
401(k) Program with a 4% match (US Only)
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Flexible Time Off (FTO) + Holidays
Commuter Benefits (In-Office Only)
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement (In-Office Only)
Quarterly Team Gatherings
In Office Amenities (In-Office Only)
Want to learn more about what we are up to?
  • Meet the Replit Agent
  • Replit: Make an app for that
  • Replit Blog
  • Amjad TED Talk

Interviewing + Culture at Replit
  • Operating Principles
  • Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

Apply