1

Top Bug Bounty Jobs (NOW HIRING)

Prior participation in bug bounty programs as a researcher. Familiarity with OWASP Top 10, CWE taxonomy, and CVE assignment processes. Background working within a large enterprise or SaaS security ...

Prior participation in bug bounty programs as a researcher. Familiarity with OWASP Top 10, CWE taxonomy, and CVE assignment processes. Background working within a large enterprise or SaaS security ...

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ... Strong understanding of modern application security principles, OWASP Top 10, and secure SDLC ...

Strong knowledge of OWASP Top 10 , SANS 25 , and NIST standards * Hands-on with secure coding reviews and CICD DevSecOps integration * Experience in Red Teaming and bug bounty programs preferred ...

Senior Product Security Engineer

$117K - $160K/yr

Contribute to our vulnerability management program, including triaging bug bounty and vulnerability ... Strong understanding of modern application security principles, OWASP Top 10, and secure SDLC ...

Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes ... OWASP Top 10 is baseline, you think in terms of attack chains and business logic flaws * Strong in ...

Software Engineer

San Francisco, CA · On-site

$150K - $300K/yr

About Us * CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design at CISA. * CTO Ashwin Ramaswami is an engineer who has built large-scale systems at Skiff, Caldera, and ...

Application Security Engineer

$60.25 - $80.25/hr

Triage vulnerabilities from the bug bounty program, collaborating with external researchers and ... Comprehensive understanding of common web vulnerabilities (e.g., OWASP Top 10) and their practical ...

Background in bug bounty programs or red teaming * Familiarity with AI or machine learning evaluation workflows Why Join Us * Work directly on cutting-edge AI projects with top research labs * Fully ...

Application Security Engineer

Pittsburgh, PA · On-site

$110K - $120K/yr

Apply and promote secure coding standards aligned to OWASP and SANS CWE Top 25, and contribute to ... Driving additional Bug Bounty submissions and improve bot management turning & protections prior to ...

Senior Security Engineer

San Francisco, CA · On-site

$160K - $240K/yr

Best in Business, and LinkedIn Top Startups. Your Role The Security team at Zip is responsible for ... Validate, triage, and coordinate security findings from bug bounty, third-party pentests, and cloud ...

Application Security Engineer

Pittsburgh, PA · On-site

$110K - $120K/yr

Apply and promote secure coding standards aligned to OWASP and SANS CWE Top 25, and contribute to ... Driving additional Bug Bounty submissions and improve bot management turning & protections prior to ...

Application Security Engineer

Pittsburgh, PA · On-site

$110K - $120K/yr

Description About Wolfe Recognized among Pittsburgh's 2024 Top Workplaces and Fastest-Growing ... Driving additional Bug Bounty submissions and improve bot management turning & protections prior to ...

Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming ... top organizations. HackerOne Values HackerOne is dedicated to fostering a strong and inclusive ...

next page

Showing results 1-20

Top Bug Bounty information

What is the highest paying bounty?

In bug bounty programs, the highest payouts can reach up to $1 million or more for critical vulnerabilities in major software or hardware systems. Rewards depend on the severity, impact, and complexity of the security flaw, with some programs offering large bonuses for zero-day exploits or highly impactful findings.

Is bug bounty worth it in 2026?

Bug bounty programs remain a valuable opportunity for security researchers and ethical hackers, including those pursuing roles like Top Bug Bounty hunters, as they offer potential monetary rewards and skill development. The industry continues to grow with increasing demand for cybersecurity expertise, making bug bounty hunting a relevant and potentially profitable activity in 2026. Success depends on technical skills, knowledge of security tools, and understanding of program rules.

Will Facebook pay $500 if you find a bug in their code?

As a bug bounty hunter working with Facebook's bug bounty program, rewards vary depending on the severity and impact of the vulnerability discovered. While some bugs may earn hundreds or thousands of dollars, a $500 payout is not guaranteed and depends on the program's criteria and the quality of the report. Participants should review Facebook's bug bounty policies on platforms like HackerOne for specific payout details.

Which bug bounty pays the most?

Top bug bounty programs, such as those from major technology companies like Google, Facebook, and Microsoft, often offer the highest payouts, with rewards reaching hundreds of thousands of dollars for critical vulnerabilities. Bounty amounts depend on the severity of the bug, the program's budget, and the researcher’s skill level, with some programs providing additional recognition or bonuses for high-impact findings.
More about Top Bug Bounty jobs
What cities are hiring for Top Bug Bounty jobs? Cities with the most Top Bug Bounty job openings:
What states have the most Top Bug Bounty jobs? States with the most job openings for Top Bug Bounty jobs include:
What job categories do people searching Top Bug Bounty jobs look for? The top searched job categories for Top Bug Bounty jobs are:
Infographic showing various Top Bug Bounty job openings in the United States as of July 2026, with employment types broken down into 69% Locum Tenens, 27% Full Time, 2% Part Time, and 2% Summer. Highlights an 87% Physical, 1% Hybrid, and 12% Remote job distribution.
Product Security Engineer

$45 - $50/hr

Contractor

Medical, Dental, Vision, Life, Retirement, PTO

Posted 13 days ago


Job description

Description

About the Role

Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for external vulnerability reports submitted through the program, working closely with internal engineering and security teams to ensure timely, accurate triage and resolution.

Responsibilities

Triage incoming vulnerability reports submitted via the bug bounty platform, assessing validity, impact, and scope.

Assign CVSS scores and severity ratings accurately, following Adobe’s internal severity guidelines and industry standards.

Reproduce proof-of-concept (PoC) exploits to validate reported vulnerabilities across web, API, and mobile surfaces.

Communicate clearly and professionally with external researchers: request clarifications, provide status updates, and manage expectations.

Coordinate with product engineering teams to route confirmed vulnerabilities for remediation.

Identify duplicate, out-of-scope, or informational reports and close them with clear, respectful explanations.

Contribute to internal documentation, triage runbooks, and severity calibration guidelines.

Flag systemic or critical findings to Bug Bounty team for escalation as needed.

Required Qualifications

3+ years of experience in application security, penetration testing, or a bug bounty / vulnerability disclosure role.

Strong understanding of CVSS v3.1 scoring and hands-on experience applying it to real-world vulnerabilities.

Proficiency in common web vulnerability classes: XSS, SQL injection, SSRF, IDOR, authentication flaws, and business logic issues.

Ability to reproduce and validate PoC exploits using tools such as Burp Suite, browser DevTools, curl, and custom scripts.

Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd) and responsible disclosure processes.

Solid written communication skills — able to write clear, constructive responses to researchers of all skill levels.

Familiarity with attacker techniques used by external researchers against LLM systems and generative AI products.

Knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.

Skills

Application security, cvss, hackerone, owasp 10 frameworks, security testing, ai vulnerabilities, ai expertise, owasp 10 LLM

Top Skills Details

Application security,cvss,hackerone,owasp 10 frameworks,security testing

Additional Skills & Qualifications

Experience with cloud environments (AWS, Azure, GCP) and API security testing.

Hands-on experience in penetration testing of AI/ML and LLM-powered products, including chat interfaces, agentic workflows, and inference APIs.

Prior participation in bug bounty programs as a researcher.

Familiarity with OWASP Top 10, CWE taxonomy, and CVE assignment processes.

Background working within a large enterprise or SaaS security organization.

Job Type & Location

This is a Contract position based out of Lehi, UT.

Pay and Benefits

The pay range for this position is $45.00 - $50.00/hr.

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

Workplace Type

This is a hybrid position in Lehi,UT.

Application Deadline

This position is anticipated to close on Jun 30, 2026.

About TEKsystems

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

About TEKsystems and TEKsystems Global Services

We’re a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We’re a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We’re strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We’re building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, for all positions located in the city and county of San Francisco, we will consider for employment qualified applicants with arrest and conviction records.

Massachusetts Lie Detector: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Use of Artificial Intelligence (AI): We may use Artificial Intelligence (AI) to support parts of our hiring process, including sourcing, screening, and evaluating candidates. AI helps assess applications and qualifications, but final decisions are made by our hiring team. By applying, you acknowledge and agree that your application may be reviewed using AI tools.