ZipRecruiter

Log In

2

Remote Bug Bounty Program Jobs in Oregon (NOW HIRING)

iHerb

Principal Application Security Engineer

OR · Remote

$58.75 - $78.50/hr

This role can be fully remote and must reside in US. In this role, you will help us drive our ... Drive our security assessment, penetration testing and bug bounty programs * Participate in ...

iHerb

Application Security Engineer

OR · Remote

$58.75 - $78.50/hr

Take part in our security assessment, penetration testing and bug bounty programs * Participate in ... Ability to work extended hours as required #LI-JC1 #LI-REMOTE

Ivanti

Senior Offensive Security Engineer

OR · On-site +1

$114.40K - $156.80K/yr

... program and encourage participation. * Receive and triage vulnerability reports submitted by external researchers through various channels, such as email, web form, or bug bounty platform.

Consensys

Senior Application Security Engineer

OR · Remote

Determine the root cause and severity of vulnerabilities reported to us through our bug bounty ... fun, remote-friendly, start-up environment-apply anyway, detailing your relevant transferable ...

Maximus

Back End Developer - Mid-level

OR · Remote

... programs across national security, defense, and public service delivery. Recent contract awards in ... This role is remote. Active Secret Clearance or above required. Active TS/SCI highly preferred.

Maximus

Back End Developer - Mid-level

OR · Remote

... programs across national security, defense, and public service delivery. Recent contract awards in ... This role is remote and requires an active Secret clearance. Maximus TCS (Technology and Consulting ...

Maximus

Back End Developer - Mid-level

OR · Remote

... programs across national security, defense, and public service delivery. Recent contract awards in ... This role is remote and requires an active Secret clearance. Maximus TCS (Technology and Consulting ...

Maximus

Back End Developer - Mid-level

OR · Remote

... programs across national security, defense, and public service delivery. Recent contract awards in ... This role is remote and requires an active Secret clearance. Maximus TCS (Technology and Consulting ...

Maximus

Back End Developer - Mid-level

OR · Remote

... programs across national security, defense, and public service delivery. Recent contract awards in ... This role is remote and requires an active Secret clearance. Maximus TCS (Technology and Consulting ...

Maximus

Senior Back End Developer

OR · Remote

$113K - $146.70K/yr

... programs across national security, defense, and public service delivery. Recent contract awards in ... This position is remote and requires an active Secret clearance. Active TS/SCI highly preferred.

Maximus

Senior Back End Developer - TS/SCI Clearance Required

OR · Remote

$113K - $146.70K/yr

... programs across national security, defense, and public service delivery. Recent contract awards in ... This position is remote and requires a Secret clearance or above. An active TS/SCI clearance is ...

Maximus

Senior Back End Developer

OR · Remote

$113K - $146.70K/yr

... programs across national security, defense, and public service delivery. Recent contract awards in ... This position is remote and requires a Secret clearance. Maximus TCS (Technology and Consulting ...

next page

Showing results 1-20

People also search for

All JobsRemote Bug Bounty Program JobsRemote Bug Bounty Program Jobs in Oregon

Remote Bug Bounty Program information

What are the key skills and qualifications needed to thrive in a Remote Bug Bounty Program role, and why are they important?

To thrive in a Remote Bug Bounty Program role, you need a strong background in cybersecurity, vulnerability assessment, and ethical hacking, often supported by experience in penetration testing and security certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential. Attention to detail, persistence, effective communication, and self-motivation are standout soft skills for this position. These abilities are crucial for identifying and responsibly reporting security vulnerabilities that help organizations strengthen their defenses.

What are the biggest challenges faced by participants in a remote bug bounty program, and how can they be addressed?

One of the main challenges in remote bug bounty programs is staying motivated and disciplined without direct oversight, as participants often work independently. Additionally, understanding the specific security requirements and scope of each program can be complex, especially when dealing with varied platforms and reporting standards. To overcome these challenges, it's important to set personal goals, join online communities for peer support, and thoroughly review each program's documentation before starting. Effective communication with program coordinators can also help clarify expectations and facilitate successful submissions.

What are Remote Bug Bounty Programs?

Remote Bug Bounty Programs are initiatives run by organizations that invite independent security researchers, or 'bug hunters,' to find and report vulnerabilities in their software or systems. These programs are conducted entirely online, allowing participants from around the world to contribute remotely. Companies offer monetary rewards or other incentives for valid and impactful security findings. This approach helps organizations strengthen their security by leveraging a global pool of ethical hackers, while participants gain recognition and compensation for their expertise.

What is the difference between Remote Bug Bounty Program vs Remote Penetration Tester?

AspectRemote Bug Bounty ProgramRemote Penetration Tester
CredentialsTypically no formal certifications required, but cybersecurity knowledge helpsOften holds certifications like OSCP, CEH, or CISSP
Work EnvironmentParticipates remotely, often independently, on various platformsWorks remotely or on-site for clients, conducting security assessments
Employer & Industry UsageUsed by companies to crowdsource security testing; industry-wideEmployed by organizations or consulting firms to perform security audits

While both roles focus on cybersecurity, a Remote Bug Bounty Program involves independent testing on platforms to find vulnerabilities, whereas a Remote Penetration Tester conducts comprehensive security assessments for organizations, often with formal credentials and direct client engagement.

What are the most commonly searched types of Bug Bounty Program jobs in Oregon? The most popular types of Bug Bounty Program jobs in Oregon are:
What are popular job titles related to Remote Bug Bounty Program jobs in Oregon? For Remote Bug Bounty Program jobs in Oregon, the most frequently searched job titles are:
What job categories do people searching Remote Bug Bounty Program jobs in Oregon look for? The top searched job categories for Remote Bug Bounty Program jobs in Oregon are:
What cities in Oregon are hiring for Remote Bug Bounty Program jobs? Cities in Oregon with the most Remote Bug Bounty Program job openings:
Remote Bug Bounty Program jobs near you
Principal Application Security Engineer

Principal Application Security Engineer

iHerb

Remote

$58.75 - $78.50/hr

Other

Posted 15 days ago

iHerb rating

7.4

Company rating: 7.4 out of 10

Based on 12 frontline employees who took The Breakroom Quiz

Job description

Summary:

Are you passionate about securing global-scale ecommerce services and applications that power millions of customers across over a hundred countries around the globe? We are looking for a hands-on Principal Product Security Engineer to lead our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role can be fully remote and must reside in US.

In this role, you will help us drive our Product Security strategy working with development teams globally to define new security capabilities, grow the team by hiring the best talent, and partner with senior leaders across the organization to deliver company-wide security initiatives. 

Responsibilities Include::

  • Lead cross-functional projects and establish cutting-edge security development lifecycle practices

  • Directed security design reviews and threat modeling for new and existing services at iHerb

  • Evaluate, prototype, implement, and operate security-focused tools and services

  • Create new secure architecture standards, frameworks and patterns spanning multiple layers

  • Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations

  • Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)

  • Maintain a strong knowledge of current security threats and operational best practices

  • Drive our security assessment, penetration testing and bug bounty programs

  • Participate in security incident response

In order to be successful in this role you must have: 

  • Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks

  • 8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies

  • Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25...)

  • Proficiency implementing SDL process, technology, and automation in a DevOps environment

  • Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption

  • Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)

  • Excellent problem solving, critical thinking, collaboration and communication skills

Bonus Qualifications:

  • Experience with Cloudflare security, AWS VPCs, EC2 instances and docker

  • Ability to drive good decisions through data with great attention to detail and deliver KPIs 

  • Experience driving application security training, security champions and awareness campaigns

  • Active contributor to the security community (research, open source, publications...) with the ability to attract and hire great talent

#LI-JC1

What iHerb employees say

Pay

Hours and flexibility

Workplace

Get the full story on Breakroom

Apply