Remote (U.S.) - Georgia preferred This is a fully remote role. Candidates must be authorized to ... bug bounty programs • Security research publications or blog posts • Contributions to open ...
Remote (U.S.) - Georgia preferred This is a fully remote role. Candidates must be authorized to ... bug bounty programs • Security research publications or blog posts • Contributions to open ...
Senior Product Security Engineer
Los Angeles, CA · On-site +1
$200K - $250K/yr
Hybrid (3 days in office/2 days remote) - New York, NY or Century City, CA About the Team StubHub ... Triage and respond to findings from StubHub's enterprise Bug Bounty program. What You've Done
Senior Product Security Engineer
Los Angeles, CA · On-site +1
$200K - $250K/yr
Hybrid (3 days in office/2 days remote) - New York, NY or Century City, CA About the Team StubHub ... Triage and respond to findings from StubHub's enterprise Bug Bounty program. What You've Done
Security Engineer
San Francisco, CA · Remote
This is a remote first role. You will partner closely with teams across the company and focus on ... Help run penetration testing, offensive security exercises, and support our bug bounty program.
Security Engineer
San Francisco, CA · Remote
This is a remote first role. You will partner closely with teams across the company and focus on ... Help run penetration testing, offensive security exercises, and support our bug bounty program.
Remote ( PST based) Duration:12 Months * This role is within the Security Governance, Risk, and ... Support ongoing bug bounty programs with a third-party vendor and internal stakeholders to ...
New
Remote ( PST based) Duration:12 Months * This role is within the Security Governance, Risk, and ... Support ongoing bug bounty programs with a third-party vendor and internal stakeholders to ...
New
Senior Product Security Engineer
Manhattan, NY · On-site +1
$200K - $250K/yr
Hybrid (3 days in office/2 days remote) - New York, NY or Century City, CA About The Team StubHub ... Triage and respond to findings from StubHub's enterprise Bug Bounty program. What You've Done
Senior Product Security Engineer
Manhattan, NY · On-site +1
$200K - $250K/yr
Hybrid (3 days in office/2 days remote) - New York, NY or Century City, CA About The Team StubHub ... Triage and respond to findings from StubHub's enterprise Bug Bounty program. What You've Done
Prior experience selling crowdsourced security, Bug Bounty, or Attack Surface Management solutions ... Environment - remote, work-from-home 100% of the time. Pay Range Disclosure At Bugcrowd, we strive ...
Prior experience selling crowdsourced security, Bug Bounty, or Attack Surface Management solutions ... Environment - remote, work-from-home 100% of the time. Pay Range Disclosure At Bugcrowd, we strive ...
Senior Security Engineer (San Francisco)
San Francisco, CA · On-site +1
$133.40K - $182.90K/yr
Drive and support bug bounty program, application security reviews and threat modeling, including code review and dynamic testing * Assess and integrate security tools to automate and scale security ...
Senior Security Engineer (San Francisco)
San Francisco, CA · On-site +1
$133.40K - $182.90K/yr
Drive and support bug bounty program, application security reviews and threat modeling, including code review and dynamic testing * Assess and integrate security tools to automate and scale security ...
Enterprise Account Executive
$116.80K - $160.60K/yr
Prior experience selling crowdsourced security, Bug Bounty, or Attack Surface Management solutions ... Environment - remote, work-from-home 100% of the time. Pay Range Disclosure At Bugcrowd, we strive ...
Enterprise Account Executive
$116.80K - $160.60K/yr
Prior experience selling crowdsourced security, Bug Bounty, or Attack Surface Management solutions ... Environment - remote, work-from-home 100% of the time. Pay Range Disclosure At Bugcrowd, we strive ...
... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH Master, Security+ Key Responsibilities: * Develop and deliver training programs on ISSO, ISSM roles ...
Quick apply
... Bug Bounty Hunter VirtualHackingLabs Advanced+ Optional: GXPN, GWAPT, GRID, GPEN, CISSP, CCNA, CEH Master, Security+ Key Responsibilities: * Develop and deliver training programs on ISSO, ISSM roles ...
Manager, Application Security
$60.25 - $80.25/hr
US, Remote ABOUT THE COMPANY: Clari + Salesloft are building the next era of enterprise revenue ... Oversee our Bug Bounty program, external penetration testing partners, and security tooling vendors ...
Manager, Application Security
$60.25 - $80.25/hr
US, Remote ABOUT THE COMPANY: Clari + Salesloft are building the next era of enterprise revenue ... Oversee our Bug Bounty program, external penetration testing partners, and security tooling vendors ...
Senior AppSec Engineer - Burp Suite, Linux, & Custom Extensions
Fairfax, VA · Remote
$60.25 - $80.25/hr
... bug bounty program. * Make Burp Enterprise work against authenticated APIs and applications that ... Fully remote within the United States. * Standard work day is 8.5 hours with a 30-minute lunch ...
Senior AppSec Engineer - Burp Suite, Linux, & Custom Extensions
Fairfax, VA · Remote
$60.25 - $80.25/hr
... bug bounty program. * Make Burp Enterprise work against authenticated APIs and applications that ... Fully remote within the United States. * Standard work day is 8.5 hours with a 30-minute lunch ...
Manager, Application Security
OR · Remote
$58.75 - $78.50/hr
Oversee our Bug Bounty program, external penetration testing partners, and security tooling vendors ... Remote
Manager, Application Security
OR · Remote
$58.75 - $78.50/hr
Oversee our Bug Bounty program, external penetration testing partners, and security tooling vendors ... Remote
Application Security Engineer
OR · Remote
$58.75 - $78.50/hr
Take part in our security assessment, penetration testing and bug bounty programs * Participate in ... Ability to work extended hours as required #LI-JC1 #LI-REMOTE
Application Security Engineer
OR · Remote
$58.75 - $78.50/hr
Take part in our security assessment, penetration testing and bug bounty programs * Participate in ... Ability to work extended hours as required #LI-JC1 #LI-REMOTE
Director, Product Security
$224K - $280K/yr
Leading the PSIRT process, managing the Bug Bounty program, and overseeing offensive security efforts like penetration testing and threat modeling. * Compliance & Audit Readiness: Owning product ...
Director, Product Security
$224K - $280K/yr
Leading the PSIRT process, managing the Bug Bounty program, and overseeing offensive security efforts like penetration testing and threat modeling. * Compliance & Audit Readiness: Owning product ...
Security Engineer, Product
New York, NY · Remote
$257.80K - $354.55K/yr
... bug bounty program * Partner with engineering teams to design and deploy solutions which are inherently secure * Champion the use of tooling (linters, static analysis, posture assessment scanners ...
Quick apply
Security Engineer, Product
New York, NY · Remote
$257.80K - $354.55K/yr
... bug bounty program * Partner with engineering teams to design and deploy solutions which are inherently secure * Champion the use of tooling (linters, static analysis, posture assessment scanners ...
You'll bring depth in security fundamentals and program design as a member of a small, high ... Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands.
You'll bring depth in security fundamentals and program design as a member of a small, high ... Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands.
Manage and coordinate external penetration testing and bug bounty programs focused on ACV ... Maintain strong communication channels with remote team members, ensuring alignment and fostering a ...
Manage and coordinate external penetration testing and bug bounty programs focused on ACV ... Maintain strong communication channels with remote team members, ensuring alignment and fostering a ...
Security Engineer
$230K - $310K/yr
Investigating, triaging and remediating responsible disclosure vulnerabilities that come through our bug bounty programs. * Lead threat modeling for new product surfaces - the API, SDKs, dashboards ...
Security Engineer
$230K - $310K/yr
Investigating, triaging and remediating responsible disclosure vulnerabilities that come through our bug bounty programs. * Lead threat modeling for new product surfaces - the API, SDKs, dashboards ...
Senior Product Security Engineer
$117.20K - $160.70K/yr
... through CVEs, bug bounty awards, published research, or prior work experience • Ability to ... building security programs or practices at hyper-growth startups • Background with cloud ...
Senior Product Security Engineer
$117.20K - $160.70K/yr
... through CVEs, bug bounty awards, published research, or prior work experience • Ability to ... building security programs or practices at hyper-growth startups • Background with cloud ...
Manage and coordinate external penetration testing and bug bounty programs focused on ACV ... Maintain strong communication channels with remote team members, ensuring alignment and fostering a ...
Manage and coordinate external penetration testing and bug bounty programs focused on ACV ... Maintain strong communication channels with remote team members, ensuring alignment and fostering a ...
Remote Bug Bounty Program information
See salary details
$16.35 - $22.01
6% of jobs
$22.01 - $27.67
14% of jobs
$31.30 is the 25th percentile. Wages below this are outliers.
$27.67 - $33.33
7% of jobs
$33.33 - $38.99
1% of jobs
$38.99 - $44.65
13% of jobs
The median wage is $47.88 / hr.
$44.65 - $50.31
15% of jobs
$50.31 - $55.97
3% of jobs
$55.97 - $61.63
9% of jobs
$65.30 is the 75th percentile. Wages above this are outliers.
$61.63 - $67.29
11% of jobs
$67.29 - $72.95
15% of jobs
$72.95 - $78.61
6% of jobs
$16
$49
$78
How much do remote bug bounty program jobs pay per hour?
As of Jun 1, 2026, the average hourly pay for remote bug bounty program in the United States is $49.60, according to ZipRecruiter salary data. Most workers in this role earn between $31.73 and $66.83 per hour, depending on experience, location, and employer.
What are the key skills and qualifications needed to thrive in a Remote Bug Bounty Program role, and why are they important?
To thrive in a Remote Bug Bounty Program role, you need a strong background in cybersecurity, vulnerability assessment, and ethical hacking, often supported by experience in penetration testing and security certifications like OSCP or CEH. Familiarity with tools such as Burp Suite, Nmap, Metasploit, and various bug bounty platforms is essential. Attention to detail, persistence, effective communication, and self-motivation are standout soft skills for this position. These abilities are crucial for identifying and responsibly reporting security vulnerabilities that help organizations strengthen their defenses.
What are the biggest challenges faced by participants in a remote bug bounty program, and how can they be addressed?
One of the main challenges in remote bug bounty programs is staying motivated and disciplined without direct oversight, as participants often work independently. Additionally, understanding the specific security requirements and scope of each program can be complex, especially when dealing with varied platforms and reporting standards. To overcome these challenges, it's important to set personal goals, join online communities for peer support, and thoroughly review each program's documentation before starting. Effective communication with program coordinators can also help clarify expectations and facilitate successful submissions.
What are Remote Bug Bounty Programs?
Remote Bug Bounty Programs are initiatives run by organizations that invite independent security researchers, or 'bug hunters,' to find and report vulnerabilities in their software or systems. These programs are conducted entirely online, allowing participants from around the world to contribute remotely. Companies offer monetary rewards or other incentives for valid and impactful security findings. This approach helps organizations strengthen their security by leveraging a global pool of ethical hackers, while participants gain recognition and compensation for their expertise.
What is the difference between Remote Bug Bounty Program vs Remote Penetration Tester?
| Aspect | Remote Bug Bounty Program | Remote Penetration Tester |
|---|---|---|
| Credentials | Typically no formal certifications required, but cybersecurity knowledge helps | Often holds certifications like OSCP, CEH, or CISSP |
| Work Environment | Participates remotely, often independently, on various platforms | Works remotely or on-site for clients, conducting security assessments |
| Employer & Industry Usage | Used by companies to crowdsource security testing; industry-wide | Employed by organizations or consulting firms to perform security audits |
While both roles focus on cybersecurity, a Remote Bug Bounty Program involves independent testing on platforms to find vulnerabilities, whereas a Remote Penetration Tester conducts comprehensive security assessments for organizations, often with formal credentials and direct client engagement.
More about Remote Bug Bounty Program jobs
What cities are hiring for Remote Bug Bounty Program jobs? Cities with the most Remote Bug Bounty Program job openings:
What are the most commonly searched types of Bug Bounty Program jobs? The most popular types of Bug Bounty Program jobs are:
What states have the most Remote Bug Bounty Program jobs? States with the most job openings for Remote Bug Bounty Program jobs include:
What job categories do people searching Remote Bug Bounty Program jobs look for? The top searched job categories for Remote Bug Bounty Program jobs are:
Full-time
Posted 10 days ago
Job description
VerSprite
VerSprite is an Inc. 5000 2020 fastest growing company and industry leader in PASTA threat modeling. Founded in 2007, VerSprite is a private cybersecurity consulting firm helping organizations tighten their risk-gaps with evolved security solutions and advanced threat intel tools.
VerSprite has a 97% client retention rate providing organizations with services like penetration tests, evolved red teaming engagements, vCISO, vSOC and VerSprite's advanced security tools Cloud Security Assessment Platform and Cyber Threat Intelligence Portal.
Sr. Offensive Security Consultant (Alpha Group)
Location: Remote (U.S.) - Georgia preferred
This is a fully remote role. Candidates must be authorized to work in the United States. While remote, candidates located in Georgia or nearby states are strongly preferred to facilitate collaboration with internal teams and clients.
Overview
VerSprite is seeking an experienced Sr. Offensive Security Consultant to lead complex security assessments across modern enterprise environments.
This role focuses on advanced penetration testing and application security engagements while working closely with clients to identify real-world attack paths and security risks.
The ideal candidate combines strong technical expertise with consulting experience and the ability to clearly communicate security risk to both technical and executive audiences.
Responsibilities
• Lead penetration testing engagements across web applications, APIs, and enterprise infrastructure
• Perform advanced application security testing including business logic flaws and authentication weaknesses
• Conduct internal and external network penetration testing
• Lead Red Teaming engagements.
• Perform threat modeling exercises (e.g., PASTA methodology)
• Conduct cloud security assessments across AWS, Azure, and GCP
• Perform mobile application security testing (Android and iOS)
• Develop custom payloads and exploitation techniques
• Produce detailed technical reports including proof-of-concept exploitation scenarios
• Communicate technical findings and risk to client stakeholders
• Mentor junior consultants during engagements
• Contribute to internal research initiatives and security methodology improvements
Required Qualifications
• 7+ years of experience in offensive security or penetration testing
• Strong experience in web application, API penetration testing, external and internal network assessments. Experience testing Active Directory environments.
• Experience leading Red Teaming engagements.
• Strong experience writing penetration testing reports and technical documentation
• Ability to communicate security risks to technical and non-technical stakeholders
• Strong communication skills both written and spoken.
• Experience working in consulting or client-facing environments
Nice to Have
• Offensive security certifications such as OSCP, OSWE, OSEP, CRTO, or similar
• Experience performing hardware / product security testing.
• Public vulnerability disclosures
• Participation in bug bounty programs
• Security research publications or blog posts
• Contributions to open-source security tools
• Active participation in the security community (CTFs, conferences, etc.)
Benefits
We offer a competitive compensation package where you'll be recognized for the value you bring to our business, along with:
If this seems intriguing to you, please apply! We will reach out promptly to discuss your fit and additional job details.
VerSprite is an Inc. 5000 2020 fastest growing company and industry leader in PASTA threat modeling. Founded in 2007, VerSprite is a private cybersecurity consulting firm helping organizations tighten their risk-gaps with evolved security solutions and advanced threat intel tools.
VerSprite has a 97% client retention rate providing organizations with services like penetration tests, evolved red teaming engagements, vCISO, vSOC and VerSprite's advanced security tools Cloud Security Assessment Platform and Cyber Threat Intelligence Portal.
Sr. Offensive Security Consultant (Alpha Group)
Location: Remote (U.S.) - Georgia preferred
This is a fully remote role. Candidates must be authorized to work in the United States. While remote, candidates located in Georgia or nearby states are strongly preferred to facilitate collaboration with internal teams and clients.
Overview
VerSprite is seeking an experienced Sr. Offensive Security Consultant to lead complex security assessments across modern enterprise environments.
This role focuses on advanced penetration testing and application security engagements while working closely with clients to identify real-world attack paths and security risks.
The ideal candidate combines strong technical expertise with consulting experience and the ability to clearly communicate security risk to both technical and executive audiences.
Responsibilities
• Lead penetration testing engagements across web applications, APIs, and enterprise infrastructure
• Perform advanced application security testing including business logic flaws and authentication weaknesses
• Conduct internal and external network penetration testing
• Lead Red Teaming engagements.
• Perform threat modeling exercises (e.g., PASTA methodology)
• Conduct cloud security assessments across AWS, Azure, and GCP
• Perform mobile application security testing (Android and iOS)
• Develop custom payloads and exploitation techniques
• Produce detailed technical reports including proof-of-concept exploitation scenarios
• Communicate technical findings and risk to client stakeholders
• Mentor junior consultants during engagements
• Contribute to internal research initiatives and security methodology improvements
Required Qualifications
• 7+ years of experience in offensive security or penetration testing
• Strong experience in web application, API penetration testing, external and internal network assessments. Experience testing Active Directory environments.
• Experience leading Red Teaming engagements.
• Strong experience writing penetration testing reports and technical documentation
• Ability to communicate security risks to technical and non-technical stakeholders
• Strong communication skills both written and spoken.
• Experience working in consulting or client-facing environments
Nice to Have
• Offensive security certifications such as OSCP, OSWE, OSEP, CRTO, or similar
• Experience performing hardware / product security testing.
• Public vulnerability disclosures
• Participation in bug bounty programs
• Security research publications or blog posts
• Contributions to open-source security tools
• Active participation in the security community (CTFs, conferences, etc.)
Benefits
We offer a competitive compensation package where you'll be recognized for the value you bring to our business, along with:
- Opportunities to develop new skills and progress your career;
- The freedom and flexibility to handle your role in a way that's right for you; and
- A collaborative environment where everyone works together to create a better working world
If this seems intriguing to you, please apply! We will reach out promptly to discuss your fit and additional job details.