2

Remote Bug Bounty Program Jobs in Washington (NOW HIRING)

Be Seen First

... changes, bug fixes, reporting, and enhancements. This role guides the execution of both minor ... Prepares required documentation including program-level and technical user-level documentation.

iOS Vulnerability Researcher

Arlington, VA · On-site +1

$59.50 - $82/hr

... and bug hunting, looking for weaknesses, logic bugs and memory corruption issues. * Kernel or ... Employee assistance program * Company socials throughout the year The location: This is a remote ...

iOS Vulnerability Researcher

Arlington, VA · Remote

$59.50 - $82/hr

... and bug hunting, looking for weaknesses, logic bugs and memory corruption issues. * Kernel or ... Employee assistance program * Company socials throughout the year The location: This is a remote ...

This position is remote with occasional paid travel to San Antionio or Baltimore and requires a Top ... Other rewards may include short- and long-term incentives as well as program-specific awards.

Our broad product portfolio includes renowned brands like Garden of Life, Nature's Bounty, Vital ... This position will be either a remote or hybrid role based on the selected candidate's geographic ...

Senior Back-End Developer

VA · On-site +1

$120K - $157K/yr

... City Remote Country United States Working time Full-time Description & Requirements Maximus is ... Other rewards may include short- and long-term incentives as well as program-specific awards.

Senior Back-End Developer

VA · On-site +1

$120K - $157K/yr

... City Remote Country United States Working time Full-time Description & Requirements Maximus is ... Other rewards may include short- and long-term incentives as well as program-specific awards.

Business Analyst (DISA)

Vienna, VA · Remote

$100K - $120K/yr

Location : Remote, US. Occasional travel may be required. Who we are Horizon Industries Limited ... Document acceptance criteria for user stories and bug tickets. * Help Developers understand the ...

DevOps Software Engineer - TS/SCI

Bethesda, MD · On-site +1

$56.25 - $77/hr

This role is part of a 10‑year program supporting the DOMEX Data Discovery Platform (D3P ... Participate in Agile release planning, scrums, design sessions, bug triage, and related team ...

next page

Showing results 1-20

Remote Bug Bounty Program information

What are Remote Bug Bounty Programs?

Remote Bug Bounty Programs are initiatives run by organizations that invite independent security researchers, or 'bug hunters,' to find and report vulnerabilities in their software or systems. These programs are conducted entirely online, allowing participants from around the world to contribute remotely. Companies offer monetary rewards or other incentives for valid and impactful security findings. This approach helps organizations strengthen their security by leveraging a global pool of ethical hackers, while participants gain recognition and compensation for their expertise.

What are the biggest challenges faced by participants in a remote bug bounty program, and how can they be addressed?

One of the main challenges in remote bug bounty programs is staying motivated and disciplined without direct oversight, as participants often work independently. Additionally, understanding the specific security requirements and scope of each program can be complex, especially when dealing with varied platforms and reporting standards. To overcome these challenges, it's important to set personal goals, join online communities for peer support, and thoroughly review each program's documentation before starting. Effective communication with program coordinators can also help clarify expectations and facilitate successful submissions.

What is the difference between Remote Bug Bounty Program vs Remote Penetration Tester?

AspectRemote Bug Bounty ProgramRemote Penetration Tester
CredentialsTypically no formal certifications required, but cybersecurity knowledge helpsOften holds certifications like OSCP, CEH, or CISSP
Work EnvironmentParticipates remotely, often independently, on various platformsWorks remotely or on-site for clients, conducting security assessments
Employer & Industry UsageUsed by companies to crowdsource security testing; industry-wideEmployed by organizations or consulting firms to perform security audits

While both roles focus on cybersecurity, a Remote Bug Bounty Program involves independent testing on platforms to find vulnerabilities, whereas a Remote Penetration Tester conducts comprehensive security assessments for organizations, often with formal credentials and direct client engagement.

What are the key skills and qualifications needed to thrive in a Remote Bug Bounty Program role, and why are they important?

To thrive in a Remote Bug Bounty Program role, you need a strong background in cybersecurity, vulnerability assessment, and ethical hacking, often supported by experience in penetration testing and security certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential. Attention to detail, persistence, effective communication, and self-motivation are standout soft skills for this position. These abilities are crucial for identifying and responsibly reporting security vulnerabilities that help organizations strengthen their defenses.
What are the most commonly searched types of Bug Bounty Program jobs in Washington? The most popular types of Bug Bounty Program jobs in Washington are:
What job categories do people searching Remote Bug Bounty Program jobs in Washington look for? The top searched job categories for Remote Bug Bounty Program jobs in Washington are:
What cities in Washington are hiring for Remote Bug Bounty Program jobs? Cities in Washington with the most Remote Bug Bounty Program job openings:
Infographic showing various Remote Bug Bounty Program job openings in Washington as of July 2026, with employment types broken down into 50% Full Time, and 50% Part Time. Highlights an 100% Remote job distribution.
Staff Product Security Engineer

Staff Product Security Engineer

Greenlight Financial Technology

Fort Washington, MD • Remote

Full-time

Posted 17 days ago


Job description

Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family’s future. Kids and teens learn to earn, save, spend wisely, and invest. 
 
At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It’s no small task, and that’s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it.

We are seeking an experienced and motivated Staff Product Security Engineer to join our growing Security team. This individual will be responsible for the end-to-end security of our consumer products, digital platform and an emerging hardware device line. The Staff Product Security Engineer will drive security review, threat modeling programs, lead penetration testing, manage PSIRT operations, champion secure AI adoption and establish security guardrails for AI powered products and AI assisted development workflows within a highly regulated financial services environment.
 
This role reports to the Senior Manager of Product Security.
Your day-to-day:
  • Lead security architecture/design review and threat modeling sessions with product and engineering teams using STRIDE, PASTA and attack tree methodologies. 
  • Translate threats into actionable, risk-rated engineering remediations prioritized by severity.
  • Conduct hands-on penetration testing and security assessments across our full product stack producing actionable reports for engineering and leadership.
  • Red-Team our AI powered products and development tools to test for prompt injection, data exfiltration,  MCP server exploitation, and tool misuse. Probe AI guardrails to ensure they hold. Experience with product security tools such as Burp Suite, Metasploit, Kali Linux, Postman, etc.
  • Drive PSIRT Operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers and on-call incidents. This includes managing zero day findings, driving remediation, collaborating with engineering to patch or mitigate with compensating controls.
  • Shape the posture of our AI assisted development environment defining and enforcing enterprise policies for claude and cursor. 
  • Partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers and collaborating with the AI team on securing ML pipelines.
  • Champion Security Culture by running developer training on secure coding with AI assistants, evangelizing security by design for products and ensuring every engineer understands that product security is an enabler and not a gate.
What you’ll bring to the team:
  • 10+ years of product security experience spanning application security, cloud security, and secure SDLC.  you will have full SDLC experience from design through development, deployment and incident response.
  • Expert level Threat Modeling using STRIDE, PASTA or equivalent across web, mobile, cloud, embedded and AI systems.
  • Hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware. You think like an attacker and you can provide it through published research, CVE discoveries, bug bounty results or red-team engagements.
  • PSIRT operational experience from vulnerability intake and triage.  You are fluent in CVE, CVSS, FIRST PSIRT frameworks.
  • Deep hands down AI security expertise and expert level understanding of OWASP Top 10 for LLM, API, Web, Mobile and have practical experience with MITRE.
  • Strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor. 
  • You understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development. You have defined policies for AI generated code, secrets scanning, and DLP for outbound AI traffic. 
  • Strong programming ability and capability to review code, build security tools, automate workflows and be credible with the engineering teams you partner with.
  • Deep technical knowledge of CI/CD pipeline and relevant tools for web and mobile applications.
  • Strong knowledge of programing language & frameworks (i.e. Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI), cloud technologies and infrastructure (i.e. AWS, GCP, Kubernetes, Ambassador, Helm), and databases (i.e. MySQL, DynamoDB, Redis)
  • Ability to influence without authority, mentor without managing , and communicate complex risks in a language that resonates with engineers, product managers, legal and compliance and executives alike. 
Preferred experience:
  • Hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience.
  • Experience in the Financial industry, knowledge of PCI DSS, COPPA or demonstrated ability to learn regulated domains quickly.
Work perks at Greenlight:
  • Medical, dental, vision, and HSA match 
  • Paid life insurance, AD&D, and disability benefits 
  • Traditional 401k with company match
  • Unlimited PTO 
  • Paid company holidays and pop-up bonus holidays 
  • Professional development stipends
  • Mental health resources  
  • 1:1 financial planners
  • Fertility healthcare
  • 100% paid parental and caregiving leave, plus cleaning service and meals during your leave
  • Flexible WFH, both remote and in-office opportunities
  • Fully stocked kitchen, catered lunches, and occasional in-office happy hours
  • Employee resource groups
Our stance on salaries:
Greenlight provides a competitive compensation package with a market-based approach to pay and will vary depending on your location, experience and skill set. The total compensation package for this position will also include a discretionary performance bonus, equity rewards, medical benefits, 401K match, and more. Greenlight conducts continuous compensation evaluations across departments and geographies to ensure we are keeping our pay current and competitive.
 
The estimated base pay range for this position in (NY, CA, WA): $165,000-200,000
The estimated base pay range for this position in (CO): $165,000-185,000

Who we are:
It takes a special team to aim for a never-been-done-before mission like ours. We’re looking for people who love working together because they know it makes us stronger, people who look to others and ask, “How can I help?” and then “How can we make this even better?” If you’re ready to roll up your sleeves and help create a world where every child grows up to be happy and healthy in money and life, apply to join our team. 
 
Greenlight is an equal opportunity employer and will not discriminate against any employee or applicant based on age, race, color, national origin, gender, gender identity or expression, sexual orientation, religion, physical or mental disability, medical condition (including pregnancy, childbirth, or a medical condition related to pregnancy or childbirth), genetic information, marital status, veteran status, or any other characteristic protected by federal, state or local law.
 
Greenlight is committed to an inclusive work environment and interview experience. If you require reasonable accommodations to participate in our hiring process, please reach out to your recruiter directly or email accomodations@greenlight.me. 
 

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.