They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month contract engagement, where the engineer will be responsible for triaging vulnerability reports and ...
They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month contract engagement, where the engineer will be responsible for triaging vulnerability reports and ...
The development of the AWS researcher community is paramount to ensuring the success of our program ... Bug Bounty Program into the best on planet Earth. Key job responsibilities - Researching ...
New
The development of the AWS researcher community is paramount to ensuring the success of our program ... Bug Bounty Program into the best on planet Earth. Key job responsibilities - Researching ...
New
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
The development of the AWS researcher community is paramount to ensuring the success of our program ... Bug Bounty Program into the best on planet Earth. Key job responsibilities - Researching ...
New
The development of the AWS researcher community is paramount to ensuring the success of our program ... Bug Bounty Program into the best on planet Earth. Key job responsibilities - Researching ...
New
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
Seattle, WA · On-site
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Bug Bounty
Seattle, WA · On-site
$146K - $190K/yr
Amazon's Bug Bounty team is looking for a Technical Program Manager (TPM) to help us secure the services and applications that Amazon customers rely on every day. In this role, you'll drive complex ...
Technical Program Manager, Security Vulnerability Management
Seattle, WA · Remote
$146K - $178K/yr
Manage the Bug Bounty Program from intake through remediation and disclosure. Manage the bug bounty tool and vendor relationship. * Measure and improve upon the Bug Bounty Program effectiveness ...
Technical Program Manager, Security Vulnerability Management
Seattle, WA · Remote
$146K - $178K/yr
Manage the Bug Bounty Program from intake through remediation and disclosure. Manage the bug bounty tool and vendor relationship. * Measure and improve upon the Bug Bounty Program effectiveness ...
Technical Program Manager, Security Vulnerability Management
Seattle, WA · On-site +1
$146K - $178K/yr
Manage the Bug Bounty Program from intake through remediation and disclosure. Manage the bug bounty tool and vendor relationship. * Measure and improve upon the Bug Bounty Program effectiveness ...
Technical Program Manager, Security Vulnerability Management
Seattle, WA · On-site +1
$146K - $178K/yr
Manage the Bug Bounty Program from intake through remediation and disclosure. Manage the bug bounty tool and vendor relationship. * Measure and improve upon the Bug Bounty Program effectiveness ...
Product Security Engineer
Lehi, UT · On-site
$67.61 - $84.51/hr
You will work closely with internal engineering and security stakeholders to drive remediation and improve the bug bounty program's effectiveness. This is a contract engagement expected to backfill a ...
New
Quick apply
Product Security Engineer
Lehi, UT · On-site
$67.61 - $84.51/hr
You will work closely with internal engineering and security stakeholders to drive remediation and improve the bug bounty program's effectiveness. This is a contract engagement expected to backfill a ...
New
Product Security Engineer
Lehi, UT · On-site
$45 - $50/hr
Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...
Product Security Engineer
Lehi, UT · On-site
$45 - $50/hr
Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...
Product Security Engineer
Lehi, UT · On-site
We are seeking a Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for external ...
Product Security Engineer
Lehi, UT · On-site
We are seeking a Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for external ...
Product Security Engineer
Lehi, UT · On-site
$45 - $50/hr
Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...
Product Security Engineer
Lehi, UT · On-site
$45 - $50/hr
Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for ...
Senior Application Security Engineer
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Bug Bounty & Vulnerability Disclosure Program Management * Design and evolve the bug bounty program, including scope, rules, and reward structures. * Manage platform selection, private vs. public ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
Bug Bounty & Vulnerability Disclosure Program Management * Design and evolve the bug bounty program, including scope, rules, and reward structures. * Manage platform selection, private vs. public ...
Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...
Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Quick apply
Senior Application Security Engineer
Broomfield, CO · On-site
$59.25 - $79/hr
You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments ...
Senior Application Security & DevSecOps Engineer
Chicago, IL · On-site
$60.50 - $80.75/hr
Bug Bounty Program * Own and operate our bug bounty program (e.g., HackerOne / Bugcrowd): scope definition, researcher communication, triage, deduplication, severity, and payout coordination. * Close ...
Senior Application Security & DevSecOps Engineer
Chicago, IL · On-site
$60.50 - $80.75/hr
Bug Bounty Program * Own and operate our bug bounty program (e.g., HackerOne / Bugcrowd): scope definition, researcher communication, triage, deduplication, severity, and payout coordination. * Close ...
Staff+ Application Security Engineer
San Francisco, CA · On-site +1
$320K - $485K/yr
Evolve a public bug bounty program where automation handles routine triage and root-cause work, and engineers handle escalations and corner cases * Partner with Product, Infrastructure, and Research ...
Staff+ Application Security Engineer
San Francisco, CA · On-site +1
$320K - $485K/yr
Evolve a public bug bounty program where automation handles routine triage and root-cause work, and engineers handle escalations and corner cases * Partner with Product, Infrastructure, and Research ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure What We're Looking For * You've found and fixed real vulnerabilities in production ...
Seasonal Bug Bounty Program information
See salary details
$16.35 - $22.01
6% of jobs
$22.01 - $27.67
14% of jobs
$31.30 is the 25th percentile. Wages below this are outliers.
$27.67 - $33.33
7% of jobs
$33.33 - $38.99
1% of jobs
$38.99 - $44.65
13% of jobs
The median wage is $47.88 / hr.
$44.65 - $50.31
15% of jobs
$50.31 - $55.97
3% of jobs
$55.97 - $61.63
9% of jobs
$65.30 is the 75th percentile. Wages above this are outliers.
$61.63 - $67.29
11% of jobs
$67.29 - $72.95
15% of jobs
$72.95 - $78.61
6% of jobs
$16
$49
$78
How much do seasonal bug bounty program jobs pay per hour?
Is AI killing bug bounty?
How much do bug bounty hunters get paid?
Is bug bounty worth it in 2026?
What is the difference between Seasonal Bug Bounty Program vs Penetration Tester?
| Aspect | Seasonal Bug Bounty Program | Penetration Tester |
|---|---|---|
| Credentials | None required, but cybersecurity knowledge helpful | Certifications like OSCP, CEH often required |
| Work Environment | Remote, project-based, crowdsourced | Typically in-house or consulting, on-site or remote |
| Employer & Industry | Tech companies, open to public participation | Security firms, corporate IT teams |
| Search & Comparison Intent | Understanding crowdsourced security testing | Professional security assessment |
While both involve identifying security vulnerabilities, a Seasonal Bug Bounty Program is a crowdsourced, often remote initiative open to the public, focusing on discovering bugs for rewards. A Penetration Tester is a professional, often employed or contracted, conducting in-depth security assessments using specialized skills and certifications.
Will Facebook pay $500 if you find a bug in their code?
- Remote Cybersecurity Penetration Tester
- Pen International
- Remote Network Penetration Testing
- Remote International Penetration Tester
- Freelance Network Penetration Testing
- Red Team Cyber Security
- Cis Secure Computing
- Overnight International Penetration Tester
- Cyber Security Entry Level Remote
- Entry Level Internship Physics

Job description
Ursus, Inc. is a staffing agency representing a global leader in creative software, offering innovative tools for digital media creation, design, and marketing. They are seeking a Product Security Engineer to support their Bug Bounty program on a 6-month contract engagement, where the engineer will be responsible for triaging vulnerability reports and coordinating with internal teams for remediation.
Responsibilities:
• Triage incoming vulnerability reports submitted via the bug bounty platform, assessing validity, impact, and scope.
• Assign CVSS scores and severity ratings accurately, following internal severity guidelines and industry standards.
• Reproduce proof-of-concept (PoC) exploits to validate reported vulnerabilities across web, API, and mobile surfaces.
• Communicate clearly and professionally with external researchers: request clarifications, provide status updates, and manage expectations.
• Coordinate with product engineering teams to route confirmed vulnerabilities for remediation.
• Identify duplicate, out-of-scope, or informational reports and close them with clear, respectful explanations.
• Contribute to internal documentation, triage runbooks, and severity calibration guidelines.
• Flag systemic or critical findings to Bug Bounty team for escalation as needed.
Qualifications:
Required:
• 3+ years of experience in application security, penetration testing, or a bug bounty/vulnerability disclosure role.
• Strong understanding of CVSS v3.1 scoring and hands-on experience applying it to real-world vulnerabilities.
• Proficiency in common web vulnerability classes: XSS, SQL injection, SSRF, IDOR, authentication flaws, and business logic issues.
• Ability to reproduce and validate PoC exploits using tools such as Burp Suite, browser DevTools, curl, and custom scripts.
• Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd) and responsible disclosure processes.
• Solid written communication skills — able to write clear, constructive responses to researchers of all skill levels.
• Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.
• Knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.
Preferred:
• Experience with cloud environments (AWS, Azure, GCP) and API security testing.
• Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.
• Prior participation in bug bounty programs as a researcher.
• Familiarity with OWASP Top 10, CWE taxonomy, and CVE assignment processes.
• Background working within a large enterprise or SaaS security organization.
Company:
Ursus, Inc., has been recognized by Staffing Industry Analysts (SIA) for four consecutive years as the fastest-growing technical and creative staffing firm in the United States. Founded in 2015, the company is headquartered in San Francisco, USA, with a team of 201-500 employees. The company is currently Growth Stage.
About Ursus
Sourced by ZipRecruiter
Ursus is a recognized leader in providing technical and creative staffing solutions. Hyper - focused on you - ( the candidate, the client, the partner, the employee ) and how to make your engagement with us the best possible experience it can be while delivering results. Whether you are looking for your next career move, scaling a growing team, adding a trusted partner to your staffing program or completing a project, we’re here for U!
Industry
Recruiting and staffing services
Company size
11 - 50 Employees
Headquarters location
Morgan Hill, CA, US
Year founded
2015