Head of Security
San Francisco, CA · On-site
... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...
Head of Security
San Francisco, CA · On-site
... Bug Bounty Program • Implement security controls across Merge, from infrastructure to CI • Implement and run manual and automated security practices to mitigate vulnerabilities • Assist with ...
... our bug bounty program • Partner with engineering teams to design and deploy solutions which are inherently secure • Champion the use of tooling (linters, static analysis, posture assessment ...
... our bug bounty program • Partner with engineering teams to design and deploy solutions which are inherently secure • Champion the use of tooling (linters, static analysis, posture assessment ...
Penetration Tester
San Francisco, CA · On-site
Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions
Quick apply
Penetration Tester
San Francisco, CA · On-site
Experience in Red Teaming and bug bounty programs preferred Ideal Candidate: * 5-8 years of security testing experience * Proven ability to mentor teams and implement enterprise security solutions
Senior Cybersecurity Engineer
Houston, TX · On-site
$109K - $149K/yr
... the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. • Evaluate AI-powered tools and agentic AI platforms from a security perspective ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$109K - $149K/yr
... the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. • Evaluate AI-powered tools and agentic AI platforms from a security perspective ...
... bug bounty program • Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties • Collaborate with the CISO and security team to grow the broader ...
New
... bug bounty program • Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties • Collaborate with the CISO and security team to grow the broader ...
New
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in our security incident response process * Make recommendations to external teams and stakeholders ...
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in our security incident response process * Make recommendations to external teams and stakeholders ...
Senior Security Engineer - Automation
OR · Remote
$117K - $160K/yr
We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...
Quick apply
Senior Security Engineer - Automation
OR · Remote
$117K - $160K/yr
We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in our security incident response process * Make recommendations to external teams and stakeholders ...
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Triage and drive to remediation submissions from our external bug bounty program * Participate in our security incident response process * Make recommendations to external teams and stakeholders ...
Senior Application Security Engineer
Meridian, ID · Remote
$111K - $152K/yr
Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. * Own and continuously improve application ...
Senior Application Security Engineer
Meridian, ID · Remote
$111K - $152K/yr
Investigate, triage, and respond to Bug Bounty program submissions, validating findings and working with engineering teams to drive timely remediation. * Own and continuously improve application ...
... bug bounty program • Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties • Collaborate with the CISO and security team to grow the broader ...
... bug bounty program • Triage and recommend solutions for security bugs from tools, third party assessments and bug bounties • Collaborate with the CISO and security team to grow the broader ...
Senior Security Engineer - Automation
$117K - $160K/yr
We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...
Senior Security Engineer - Automation
$117K - $160K/yr
We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...
Senior Security Engineer - Automation
New York, NY · On-site
$125K - $171K/yr
We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...
Senior Security Engineer - Automation
New York, NY · On-site
$125K - $171K/yr
We actively manage our Bug Bounty program, ensuring swift response and remediation, and leverage cutting-edge tools like Cloudflare's WAF to build robust defenses. We offer an extensive number of ...
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
Experience working with bug bounty programs or coordinated vulnerability disclosure workflows. * Experience in fast-paced, cloud-native, or AI/ML-driven environments. What We Value * Curiosity ...
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
Experience working with bug bounty programs or coordinated vulnerability disclosure workflows. * Experience in fast-paced, cloud-native, or AI/ML-driven environments. What We Value * Curiosity ...
Lead Engineer, Penetration Tester
Minneapolis, MN · On-site
$132K - $238K/yr
Review and triage submissions from the Bug Bounty program; escalate critical findings to appropriate teams and help drive remediation * Contribute to threat modeling activities, providing expert ...
Lead Engineer, Penetration Tester
Minneapolis, MN · On-site
$132K - $238K/yr
Review and triage submissions from the Bug Bounty program; escalate critical findings to appropriate teams and help drive remediation * Contribute to threat modeling activities, providing expert ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$105K - $145K/yr
Provide application security guidance and support the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. * Evaluate AI-powered tools and ...
Senior Cybersecurity Engineer
Houston, TX · On-site
$105K - $145K/yr
Provide application security guidance and support the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. * Evaluate AI-powered tools and ...
Senior Cybersecurity Engineer
$109K - $149K/yr
Provide application security guidance and support the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. * Evaluate AI-powered tools and ...
Senior Cybersecurity Engineer
$109K - $149K/yr
Provide application security guidance and support the bug bounty and responsible disclosure program, including vulnerability triage and researcher communications. * Evaluate AI-powered tools and ...
Staff+ Application Security Engineer
San Francisco, CA · On-site +1
$69.25 - $92.50/hr
Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with ...
Staff+ Application Security Engineer
San Francisco, CA · On-site +1
$69.25 - $92.50/hr
Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with ...
Security Engineer
San Francisco, CA · On-site
... our bug bounty program end to end: triage, response, remediation, and researcher communication • Partner with Engineering to embed secure design patterns and security review into how we ship ...
Security Engineer
San Francisco, CA · On-site
... our bug bounty program end to end: triage, response, remediation, and researcher communication • Partner with Engineering to embed secure design patterns and security review into how we ship ...
Security Engineer
Manhattan, NY · On-site
... our bug bounty program end to end: triage, response, remediation, and researcher communication • Partner with Engineering to embed secure design patterns and security review into how we ship ...
Security Engineer
Manhattan, NY · On-site
... our bug bounty program end to end: triage, response, remediation, and researcher communication • Partner with Engineering to embed secure design patterns and security review into how we ship ...
CNO Developer
Chantilly, VA · On-site
$129K - $177K/yr
Desire to contribute to CTF events, bug bounty programs, and speaking at the security conferences * Rapid Prototype Software Development Security Clearance: * Active TS/SCI level clearance. Must be ...
CNO Developer
Chantilly, VA · On-site
$129K - $177K/yr
Desire to contribute to CTF events, bug bounty programs, and speaking at the security conferences * Rapid Prototype Software Development Security Clearance: * Active TS/SCI level clearance. Must be ...
Overnight Bug Bounty Program information
See salary details
$16.35 - $22.01
6% of jobs
$22.01 - $27.67
14% of jobs
$31.30 is the 25th percentile. Wages below this are outliers.
$27.67 - $33.33
7% of jobs
$33.33 - $38.99
1% of jobs
$38.99 - $44.65
13% of jobs
The median wage is $47.88 / hr.
$44.65 - $50.31
15% of jobs
$50.31 - $55.97
3% of jobs
$55.97 - $61.63
9% of jobs
$65.30 is the 75th percentile. Wages above this are outliers.
$61.63 - $67.29
11% of jobs
$67.29 - $72.95
15% of jobs
$72.95 - $78.61
6% of jobs
$16
$49
$78
How much do overnight bug bounty program jobs pay per hour?
As of Jun 21, 2026, the average hourly pay for overnight bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.
Which bug bounty pays the most?
In bug bounty programs, payouts vary depending on the severity and impact of the vulnerability, with high-impact bugs such as remote code execution or data breaches often earning the highest rewards, sometimes reaching hundreds of thousands of dollars. Platforms like HackerOne and Bugcrowd host programs that offer large bounties for critical vulnerabilities, especially from well-funded organizations or those with high security standards. Successful bug bounty hunters typically have strong technical skills, knowledge of security testing tools, and an understanding of the target company's infrastructure.
What is an Overnight Bug Bounty Program?
An Overnight Bug Bounty Program is a cybersecurity initiative where companies invite ethical hackers to identify and report security vulnerabilities in their systems during a designated overnight period. These programs are often time-limited and focus on rapid discovery and remediation of critical issues while minimizing disruption to business operations. Participants are rewarded based on the severity and validity of the bugs they report, helping organizations improve their security posture quickly. This approach leverages the fresh perspective and expertise of the broader security community in a concentrated timeframe.
Will Facebook pay $500 if you find a bug in their code?
As an Overnight Bug Bounty Program participant, Facebook offers monetary rewards for qualifying security vulnerabilities, with payouts varying based on the severity and impact of the bug. While some bounties can reach or exceed $500, the exact amount depends on the specific vulnerability and program guidelines. Participants should review Facebook's bug bounty policies for detailed payout information.
How do I join a bug bounty program?
To join an overnight bug bounty program, you typically need to register on the platform hosting the program, such as HackerOne or Bugcrowd, and agree to their rules. You should have skills in security testing, familiarity with bug tracking tools, and often a basic understanding of web or application security. Participation usually involves submitting identified vulnerabilities according to program guidelines and may require a valid account or profile setup.
What are the typical challenges faced when working in an overnight bug bounty program role?
Working overnight in a bug bounty program often involves managing the difficulties of non-traditional hours, such as adjusting your sleep schedule and maintaining focus during late-night shifts. You may also encounter challenges in effectively communicating with global teams or program managers who operate during standard business hours. Additionally, handling urgent vulnerability reports and ensuring timely responses can be demanding, but it offers the opportunity to develop strong problem-solving skills and build a reputation in the cybersecurity community. Collaboration with other security researchers and clear documentation are key to success in this dynamic environment.
What are the key skills and qualifications needed to thrive as an Overnight Bug Bounty Program participant, and why are they important?
To excel in an Overnight Bug Bounty Program, you need strong knowledge of cybersecurity fundamentals, ethical hacking techniques, and vulnerability assessment, often backed by practical experience or relevant certifications such as CEH or OSCP. Familiarity with tools like Burp Suite, Metasploit, Nmap, and bug bounty platforms such as HackerOne or Bugcrowd is essential. Attention to detail, persistence, and clear written communication set top performers apart in this field. These skills and qualities are crucial to effectively identify, document, and report security flaws, ensuring both personal success and improved security for participating organizations.
How much money can you make doing bug bounties?
The earnings for an Overnight Bug Bounty Program can vary widely, with top hackers earning hundreds of thousands of dollars annually by finding critical vulnerabilities. Most bug bounty hunters earn from a few hundred to several thousand dollars per bug, depending on the severity and scope of the vulnerabilities discovered, as well as their skill level and reputation in the community.
More about Overnight Bug Bounty Program jobs
What cities are hiring for Overnight Bug Bounty Program jobs? Cities with the most Overnight Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Overnight Bug Bounty Program jobs? States with the most job openings for Overnight Bug Bounty Program jobs include:
What job categories do people searching Overnight Bug Bounty Program jobs look for? The top searched job categories for Overnight Bug Bounty Program jobs are:
Job description
Job Summary:
Merge is the leading provider of agentic tools and customer-facing integrations for frontier LLMs, Fortune 500 organizations, and B2B SaaS companies. As the Director of Security at Merge, you will manage security programs, including infrastructure, compliance, and security automation, while ensuring that security is treated as a core practice by all employees.
Responsibilities:
• Create and drive the security roadmap
• Manage our compliance automation programs (SOC 2, ISO 27001, HIPAA, etc.). We’ve already achieved these using Drata, and while you have a team to support you, you will take the lead.
• Ensure all engineers and employees of Merge treat security as a core part of our practices
• Manage our Bug Bounty Program
• Implement security controls across Merge, from infrastructure to CI
• Implement and run manual and automated security practices to mitigate vulnerabilities
• Assist with security reviews, threat modeling, disaster recovery practice, and code reviews
Qualifications:
Required:
• 7+ years of security engineering experience
• Ownership or leadership within areas of security at previous organizations, infosec being a plus
• An overall excitement around building a more secure engineering function and organization
• Ability to manage security programs
• Experience with and a desire to code in at least one major programming language
• A thorough understanding of networking and infrastructure, including load balancing, VPNs, Zero Trust, HTTPS, DNS, etc.
• Experience with multi-tenant cloud environments
Company:
Merge is one API to add hundreds of integrations to your product Founded in 2020, the company is headquartered in San Francisco, USA, with a team of 51-200 employees. The company is currently Growth Stage.
Merge is the leading provider of agentic tools and customer-facing integrations for frontier LLMs, Fortune 500 organizations, and B2B SaaS companies. As the Director of Security at Merge, you will manage security programs, including infrastructure, compliance, and security automation, while ensuring that security is treated as a core practice by all employees.
Responsibilities:
• Create and drive the security roadmap
• Manage our compliance automation programs (SOC 2, ISO 27001, HIPAA, etc.). We’ve already achieved these using Drata, and while you have a team to support you, you will take the lead.
• Ensure all engineers and employees of Merge treat security as a core part of our practices
• Manage our Bug Bounty Program
• Implement security controls across Merge, from infrastructure to CI
• Implement and run manual and automated security practices to mitigate vulnerabilities
• Assist with security reviews, threat modeling, disaster recovery practice, and code reviews
Qualifications:
Required:
• 7+ years of security engineering experience
• Ownership or leadership within areas of security at previous organizations, infosec being a plus
• An overall excitement around building a more secure engineering function and organization
• Ability to manage security programs
• Experience with and a desire to code in at least one major programming language
• A thorough understanding of networking and infrastructure, including load balancing, VPNs, Zero Trust, HTTPS, DNS, etc.
• Experience with multi-tenant cloud environments
Company:
Merge is one API to add hundreds of integrations to your product Founded in 2020, the company is headquartered in San Francisco, USA, with a team of 51-200 employees. The company is currently Growth Stage.