2

Remote Bug Bounty Program Jobs (NOW HIRING)

Experience with bug bounty programs and penetration testing * Security certifications such as CISSP ... There may be remote flexibility for exceptional candidates in the following states: California ...

New

Prior experience selling crowdsourced security, Bug Bounty, or Attack Surface Management solutions ... Environment - remote, work-from-home 100% of the time. Pay Range Disclosure At Bugcrowd, we strive ...

This is a remote first role. You will partner closely with teams across the company and focus on ... Help run penetration testing, offensive security exercises, and support our bug bounty program.

Coordinate with third-party security vendors for external assessments and bug bounty program management where applicable. Security Engineering * Own remediation follow-through: translate pen test ...

Own and evolve the bug bounty program, including triage, response processes, and improvements to ... We\'re remote, but we regularly get together **We have been made aware of individuals falsely ...

Security Engineer, Product

New York, NY · Remote

$257K - $354K/yr

... bug bounty program * Partner with engineering teams to design and deploy solutions which are inherently secure * Champion the use of tooling (linters, static analysis, posture assessment scanners ...

Founding Account Executive

San Francisco, CA · On-site +1

$150K - $300K/yr

Location: San Francisco, CA (remote considered for candidates with a strong existing book) Work ... bug bounty hunters. They are a Y Combinator alum, recently closed a $12.5M seed round, and have ...

Promote secure development practices by managing Security Champions and Bug Bounty programs while ... remote workspace setup. * Internal employee recognition program with redeemable rewards ...

New

You'll bring depth in security fundamentals and program design as a member of a small, high ... Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands.

Senior Application Security Engineer

Charleston, WV · On-site +1

$54.25 - $72.75/hr

Vulnerability disclosure or bug bounty program experience * Production software engineering background * Certifications such as CSSLP, CISSP, OSWA, OSWE, GWAPT, or GMOB Nordstrom is able to offer ...

Senior Product Security Engineer

$117K - $160K/yr

... through CVEs, bug bounty awards, published research, or prior work experience • Ability to ... building security programs or practices at hyper-growth startups • Background with cloud ...

... CTFs, bug bounty programs, or open-source contributions. * Basic scripting or automation experience in support or security workflows. Benefits: * Fully remote global work environment with ...

Respond to and triage reports from bug bounty programs. Minimum Qualifications * B.S. or M.S. in Computer Science, a related technical field, or equivalent experience. * 3+ years of experience in ...

Participated in bug bounty programs and audit contests * Published security-related blog posts and ... LI-Remote #blockchain #startups #hiring CertiK is proud to offer medical, vision, and dental ...

Experience submitting to bug bounty programs or responsible disclosure programs Compensation The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend ...

... commercial bug bounty programs * Experience with databases, backend systems, and supporting ... Remote : If this position is listed as remote, there may still be occasions when you are required ...

next page

Showing results 1-20

Remote Bug Bounty Program information

See salary details

$16

$49

$78

How much do remote bug bounty program jobs pay per hour?

As of Jul 11, 2026, the average hourly pay for remote bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.

What are Remote Bug Bounty Programs?

Remote Bug Bounty Programs are initiatives run by organizations that invite independent security researchers, or 'bug hunters,' to find and report vulnerabilities in their software or systems. These programs are conducted entirely online, allowing participants from around the world to contribute remotely. Companies offer monetary rewards or other incentives for valid and impactful security findings. This approach helps organizations strengthen their security by leveraging a global pool of ethical hackers, while participants gain recognition and compensation for their expertise.

What are the biggest challenges faced by participants in a remote bug bounty program, and how can they be addressed?

One of the main challenges in remote bug bounty programs is staying motivated and disciplined without direct oversight, as participants often work independently. Additionally, understanding the specific security requirements and scope of each program can be complex, especially when dealing with varied platforms and reporting standards. To overcome these challenges, it's important to set personal goals, join online communities for peer support, and thoroughly review each program's documentation before starting. Effective communication with program coordinators can also help clarify expectations and facilitate successful submissions.

What is the difference between Remote Bug Bounty Program vs Remote Penetration Tester?

AspectRemote Bug Bounty ProgramRemote Penetration Tester
CredentialsTypically no formal certifications required, but cybersecurity knowledge helpsOften holds certifications like OSCP, CEH, or CISSP
Work EnvironmentParticipates remotely, often independently, on various platformsWorks remotely or on-site for clients, conducting security assessments
Employer & Industry UsageUsed by companies to crowdsource security testing; industry-wideEmployed by organizations or consulting firms to perform security audits

While both roles focus on cybersecurity, a Remote Bug Bounty Program involves independent testing on platforms to find vulnerabilities, whereas a Remote Penetration Tester conducts comprehensive security assessments for organizations, often with formal credentials and direct client engagement.

What are the key skills and qualifications needed to thrive in a Remote Bug Bounty Program role, and why are they important?

To thrive in a Remote Bug Bounty Program role, you need a strong background in cybersecurity, vulnerability assessment, and ethical hacking, often supported by experience in penetration testing and security certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential. Attention to detail, persistence, effective communication, and self-motivation are standout soft skills for this position. These abilities are crucial for identifying and responsibly reporting security vulnerabilities that help organizations strengthen their defenses.
More about Remote Bug Bounty Program jobs
What cities are hiring for Remote Bug Bounty Program jobs? Cities with the most Remote Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Remote Bug Bounty Program jobs? States with the most job openings for Remote Bug Bounty Program jobs include:
Staff Product Security Engineer

Staff Product Security Engineer

SailPoint

Charleston, WV • On-site, Remote

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 10 days ago


Job description

Staff Product Security Engineer

Overview

SailPoint's Cybersecurity organization is seeking a Staff Product Security Engineer with a passion for cybersecurity and protecting the organization. The ideal candidate combines strong application security expertise with practical software engineering experience and can effectively influence to build secure, resilient products at scale. This position reports to the Director of Cyber Product Security (CPS) and the successful candidate will join a team of security engineers who collaborate with stakeholders across the organization. This role will partner closely with Engineering and the other security teams within the Cyber organization to identify security risks, drive remediation efforts, and embed security throughout the product development process.

Central to SailPoint's product security program is the implementation of a shared security model that impacts all software developed by SailPoint. Under this model, CPS is responsible for multiple key areas affecting product security and collaborates with SailPoint's Engineering Product Security (EPS) team on areas of mutual responsibility. The shared responsibility model was developed to shift product security left, moving security checks to the earliest phases of our secure software development lifecycle.

The staff product security engineer will have the opportunity to shape our future through process and technology optimization, capability acquisition and development, and maturation of our existing activities. They'll already be comfortable with the 4 I's at SailPoint (individual, Impact, Innovation, and Integrity) even if they're new to the concept. They will embrace new challenges and will be a positive contributor to an already positive work culture and environment.

Location is remote with the ability to work from anywhere within the continental United States.

Key Responsibilities

  • Partner with Engineering teams throughout the software development lifecycle to identify and mitigate security risks, and implement secure deployment practices

  • Support threat modeling activities and help engineering teams implement appropriate security controls

  • Define and promote secure coding standards, security policies, best practices, and secure-by-design principles

  • Participate in the Cyber organization's efforts to leverage AI across the team, as well as the use of AI in our SSDLC.

  • Partner with Engineering on improving security testing programs

  • Coordinate internal and external application and penetration testing initiatives

  • Validate vulnerability findings and prioritize remediation based on risk

  • Perform root cause analysis and recommend long-term security improvements

  • Collaborate with the Security Operations team on security monitoring and detection capabilities for applications and services

  • Triage, coordinate, and oversee remediation for security researcher disclosures via our bug bounty program

  • Develop security training, guidance, and technical documentation

  • Interact with other organizations at SailPoint as a consultant on security-related matters

Required Qualifications

Successful candidate will meet most, if not all of the following requirements:

  • 5-7 years of experience in product security, application security, software engineering, or a related field

  • Experience with security testing tools such as: SAST, SCA, DAST, Container security scanners

  • Experience with CI/CD security controls and DevSecOps practices

  • Familiarity with one or more programming languages such as Python, Go, Java, JavaScript/TypeScript, Ruby

  • Demonstrated ability to effectively use AI-powered tools and automation to enhance security engineering productivity, research, analysis, and remediation efforts

  • Knowledge of emerging AI security risks and best practices for securing AI-enabled applications, services, and development workflows

  • Deep expertise in threat modeling, secure architecture design, and vulnerability management

  • Experience influencing engineering organizations and driving security initiatives across multiple teams

  • Knowledge of artificial intelligence software security frameworks is strongly preferred, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), Open SSF AI/ML Security Framework.

Core Competencies

The successful candidate will:

  • Be a highly active observer of industry security trends and threats, remaining up to date on current cyber issues

  • Have a continuous learning mindset and passion for security

  • Have strong analytical and problem-solving skills

  • Be flexible, with the ability to balance security vs the needs of the business

  • Have excellent written and oral communications skills with demonstrated commitment to producing high quality documentation

  • Be able to translate technical risks into business impact

  • Be collaborative and able to foster relationships with teams we partner with

First 90 Days: Discovery, Strategic Alignment, and Partnership

  • Strategic Alignment & Planning Integration: Deepen collaboration with key engineering and tooling leads by Day 90, reinforcing recurring touchpoints to integrate product security proactively into early planning cycles, roadmaps, and feature designs.

  • SDLC Optimization Assessment: Review the end-to-end Software Development Life Cycle (SDLC) by Day 60 to identify enhancement opportunities, accelerate "shift-left" practices, and further standardize secure-by-design deployment pipelines.

  • Asset & Dependency Inventory: Refine and centralize the inventory of supported products, underlying architecture, and third-party dependencies by Day 90 to deliver a highly visible, comprehensive single source of truth.

First 6 Months: Advanced Tooling, Training, and Scalable Frameworks

  • Modernizing Tool Stack & AI Integration (Q3): Evaluate the current security tooling and implement state-of-the-art AI-assisted scanning across product code (utilizing tools like Cursor and Claude Enterprise) to further automate and scale security workflows.

  • Optimized Remediation & Board Metrics (Q4): Implement a highly scalable, risk-based vulnerability prioritization framework, optimizing Time to Remediate (TTR) metrics to provide clear, actionable risk visibility for executive leadership and the Board.

  • Security Champions & Developer Empowerment: Elevate developer security education and launch a formal "Security Champions" program by Day 180, embedding security advocates across core product lines to champion secure development practices.

First 12 Months: Systemic Security Advancements and "Paved Roads"

  • Systemic Architecture Enhancements: Conduct comprehensive reviews of the production environment (including Kubernetes and containerized applications) to systematically address complex architectural security opportunities and build long-term environment resilience.

  • Standardizing "Paved Road" Configurations: Define, document, and roll out standardized, secure "paved road" configurations and guardrails, making secure deployment the friction-free path of least resistance for product teams.

  • Program Scaling & Mentorship: Maintain and scale updated product architecture documentation while continuously elevating team capabilities, autonomy, and cross-functional alignment through active, hands-on mentorship.

Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.

As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint's differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD):

$174,200 - $293,702.00

Base salaries for employees based in other locations are competitive for the employee's home location.

Benefits Overview

1. Health and wellness coverage: Medical, dental, and vision insurance

2. Disability coverage: Short-term and long-term disability

3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)

4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children

5. Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account

6. Financial security: 401(k) Savings and Investment Plan with company matching

7. Time off benefits: Flexible vacation policy

8. Holidays: 8 paid holidays annually

9. Sick leave

10. Parental support: Paid parental leave

11. Employee Assistance Program (EAP) and Care Counselors

12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options

13. Health Savings Account (HSA) with employer contribution

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact applicationassistance@sailpoint.com or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.