Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs ... Bug bounty program or triaging security vulnerability reports * Knowledge of Stripe products and ...
Familiarity with OWASP Top 10 and security best practices. * Experience with Agile (Scrum, Kanban). * Strong problem-solving and communication skills. * Professional penetration testing or Bug Bounty ...
Product Security Engineer (PSIRT - Product Security Incident Response Team)
Foster City, CA · On-site
$180K - $325K/yr
... bug bounty programs (HackerOne ideally). * Strong ability to triage, validate, and reproduce vulnerabilities independently. * Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, ...
Product Security Engineer
San Jose, CA · On-site
Define AI testing scope for penetration testing and bug bounty programs. Drive resolution of ... In-depth knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.
Senior Product Security Engineer
OR · On-site +1
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ... Strong understanding of modern application security principles, OWASP Top 10, and secure SDLC ...
Senior Product Security Engineer
$117K - $160K/yr
Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ... Strong understanding of modern application security principles, OWASP Top 10, and secure SDLC ...
Penetration Tester
San Francisco, CA · On-site
Strong knowledge of OWASP Top 10, SANS 25, and NIST standards * Hands-on with secure coding reviews and CICD DevSecOps integration * Experience in Red Teaming and bug bounty programs preferred ...
General Application
San Francisco, CA · On-site
Collectively, we've led security at some of the world's largest companies and published AI research at Stanford. * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design ...
SOC Engineer
Foster City, CA · On-site
$180K - $250K/yr
In this role, you will stay on top of emerging threats - from 0-days and active exploitation campaigns to bug bounty findings and customer-reported issues - and rapidly determine their relevance and ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $500K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... OWASP Top 10 is baseline, you think in terms of attack chains and business logic flaws * Strong in ...
Security Engineer, Application Security
New York, NY · On-site
$130K - $400K/yr
Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... OWASP Top 10 is baseline, you think in terms of attack chains and business logic flaws * Strong in ...
Software Engineer
San Francisco, CA · On-site
$150K - $300K/yr
About Us * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design at CISA. * CTO Ashwin Ramaswami is an engineer who has built large-scale systems at Skiff, Caldera, and ...
Application Security Engineer
New York, NY · On-site
$180K - $250K/yr
Manage the external penetration testing program and own the bug bounty program end-to-end: triage ... Strong proficiency identifying and exploiting OWASP Top 10 vulnerabilities; experience assessing ...
Senior Application Security Engineer
San Francisco, CA · On-site
$160K - $240K/yr
Best in Business, and LinkedIn Top Startups. The Security team at Zip is responsible for protecting ... Validate, triage, and coordinate security findings from bug bounty and third party pentests.
$45.25 - $60.50/hr
Hands-on experience in security testing through bug bounty programs, CTFs, or penetration testing activities. * Strong understanding of common application security vulnerabilities (e.g., OWASP Top ...
Senior Application Security Engineer (Offensive / Red Team)
$117K - $160K/yr
Bug Bounty Program Management: Manage the bug bounty program end to end - triage, impact assessment ... Serve as a top technical resource to engineers across the organization. Help them reproduce ...
Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team's work demands ... OWASP Top 10, authentication and authorization patterns, secrets management, and common cloud ...
Senior AppSec Engineer
Atlanta, GA · On-site
$90K - $180K/yr
Help manage our bug bounty program by triaging submissions, working with researchers, and ... Familiarity with the OWASP Top 10 for LLMs. You understand the unique risks of integrating AI into ...
Top Bug Bounty information

Job description
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world's largest enterprises to the most ambitious startups - use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
In this role, you'll join Stripe's Vulnerability Management team, whose mission is to "Surface vulnerabilities at scale across Stripe." Our vision is to create a culture of continuous excellence in managing vulnerabilities. The bug bounty program is an important pillar of this mission, acting as a critical line of defense in Stripe's security "immune system."
What you'll do
We seek a highly technical and detail-oriented Security Analyst to join our team, focusing on the front lines of bug bounty triage and researcher engagement. In this role, you'll be responsible for the end-to-end lifecycle of security vulnerability reports from our bug bounty program. You'll own the overall effectiveness of Stripe's bug bounty program with autonomy to implement continuous improvements (e.g., researcher campaigns, scoring transparency).
You'll play a key role in understanding the root cause of vulnerabilities, coordinating timely resolutions, and directly impacting the security posture of Stripe's products. A core aspect of this role is developing a deep understanding of Stripe and acquired company products, assets, and their configuration to effectively assess and prioritize vulnerabilities.
Responsibilities
- Analyze, assess, reproduce, and triage incoming security vulnerability reports from the bug bounty program
- Communicate clearly and effectively with security researchers to follow up on unclear reports, drive report clarity, and increase engagement with top hackers
- Understand the root cause of security vulnerabilities to help product and engineering teams fix them, and advise on the right mitigation strategies
- Drive the lifecycle of submissions through to resolution, coordinating with product and engineering stakeholders
- Act as the security bridge between external researchers and internal teams to facilitate rapid and effective remediation
- Conduct in-depth data analysis on bug reports and vulnerability patterns to identify systemic risks and inform new security initiatives
- Provide tactical support for vulnerability management triage processes to augment the team as needed
- Prepare and implement improvements to the overall bug bounty program
- Provide feedback and requirements for tool development to enhance triage and security workflows, leveraging opportunities for automation
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- Proven ability to follow bug reports and accurately triage security vulnerabilities
- Familiarity with web security issues and exploit methodologies (e.g., OWASP Top 10, CWEs)
- Competent in offensive security tools (e.g., Burp Suite, custom scripting)
- Ability to think like an attacker to understand the impact of vulnerabilities
- Proficient in clear communication, conveying technical concepts to various stakeholders
- Experience in one of the following areas
- Bug bounty program or triaging security vulnerability reports
- Knowledge of Stripe products and general security expertise
- Experience in technical support, operations, or similar roles with technical systems exposure
- Prior participation in or experience with bug bounty programs
- Experience analyzing source code for security vulnerabilities
- Proficiency in scripting languages (e.g., Python, Ruby) for automation
- Familiarity with cloud-based services (e.g., AWS, GCP)
- Certifications such as OSWA or BSCP
About Stripe
Sourced by ZipRecruiter
Industry
Software development
Company size
1,001 - 5,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2010