Senior Product Security Engineer
San Francisco, CA · On-site
$134K - $185K/yr
Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing ... You have a deep understanding of web and API security principles (OWASP Top 10) and have experience ...
The candidate must have an active Top Secret clearance. Required Skills The ideal candidate will ... Box Certified Bug Bounty Hunter (HTB CBBH) Certified Red Team Operator (CRTO) from Zero Point ...
Product Security Engineer
San Francisco, CA · On-site
$69.25 - $92.50/hr
... Top 10 (Open Web Application Security Project) and SANS Top 25 (SysAdmin, Audit, Network, and ... bug bounty programs (HackerOne, Bugcrowd) or contributions to open-source security tools and ...
Product Security
San Francisco, CA · On-site
$69.25 - $92.50/hr
... Top 10 (Open Web Application Security Project) and SANS Top 25 (SysAdmin, Audit, Network, and ... bug bounty programs (HackerOne, Bugcrowd) or contributions to open-source security tools and ...
Product Security
Bellevue, WA · On-site
$66 - $88/hr
... Top 10 (Open Web Application Security Project) and SANS Top 25 (SysAdmin, Audit, Network, and ... bug bounty programs (HackerOne, Bugcrowd) or contributions to open-source security tools and ...
Principal Application Security Engineer
OR · Remote
$58.75 - $78.50/hr
Drive our security assessment, penetration testing and bug bounty programs * Participate in ... at a top-tier software company including experience with security products, threat modeling ...
Application Security Engineer
Alafaya, FL · Remote
$95 - $104/hr
Requirements: * 3+ years of experience in application security, penetration testing, bug bounty programs, or product security engineering. * Strong knowledge of OWASP Top 10 vulnerabilities including ...
AI Engineer
San Francisco, CA · On-site
$150K - $300K/yr
Co-founder and CEO Jack Cable is a top-ranked bug bounty hunter who previously led Secure by Design at CISA. * Co-founder and CTO Ashwin Ramaswami built large-scale systems at Skiff, Caldera, and ...
Strong web application and API testing fundamentals - Burp Suite proficiency, OWASP Top 10 and ... Active involvement in cybersecurity communities, research, or bug bounty programs * Certifications ...
... Active Top Secret / SCI (TS/SCI) security clearance - Bachelor's degree in Computer Science ... Bug bounty or coordinated disclosure experience - Assembly-level analysis and low-level debugging ...
Application Security Engineer
$58.25 - $78/hr
Strong knowledge of OWASP Top 10, OWASP API Top 10, and modern authentication mechanisms, including ... Experience managing or supporting vulnerability disclosure or bug bounty programs. * Strong written ...
Sr/Staff Security Engineer
$117K - $160K/yr
Conduct or coordinate penetration tests, red team exercises, and bug bounty triage; drive ... Strong understanding of secure software development practices - OWASP Top 10, threat modeling ...
Information Security Technical Analyst
Oakland, CA · On-site
$50 - $54.80/hr
Support ongoing bug bounty programs with a third-party vendor and internal stakeholders to ... OWASP top 10, cloud vulnerabilities plus misconfigurations, and source code vulnerabilities
Application Security Engineer
OR · Remote
$58.75 - $78.50/hr
Take part in our security assessment, penetration testing and bug bounty programs * Participate in ... Generally requires three (3) plus years of technical security experience at top-tier software ...
Senior Product Security Engineer
New York, NY · Hybrid
$125K - $171K/yr
Triage and respond to findings from StubHub's enterprise Bug Bounty program. What You've Done ... Top Tier Compensation Package: Competitive base, equity, and upside that tracks with your impact.
Senior Product Security Engineer
Los Angeles, CA · Hybrid
$123K - $169K/yr
Triage and respond to findings from StubHub's enterprise Bug Bounty program. What You've Done ... Top Tier Compensation Package: Competitive base, equity, and upside that tracks with your impact.
Application Security Engineer
Phoenix, AZ · On-site
$58.25 - $78/hr
Strong knowledge of OWASP Top 10, OWASP API Top 10, and modern authentication mechanisms, including ... Experience managing or supporting vulnerability disclosure or bug bounty programs. * Strong written ...
Security Engineer
San Francisco, CA · On-site
Lead vulnerability management, coordinate bug bounty responses, and drive remediation priorities ... Deep understanding of web application security including OWASP Top 10, common vulnerability classes ...
Top Bug Bounty information

Full-time
Medical, Dental, Vision, Life, Retirement
Posted 24 days ago
Job description
Tools for Humanity (TFH) designs and builds technology behind World. World is building a real human network designed to accelerate people in the age of AI. As bots and autonomous agents reshape the internet, people, institutions, and applications need a trusted way to confirm who is a real human while preserving privacy. The TFH and World tech stacks make this possible: the Orb verifies real, unique people, World ID proves it privately, and World App puts these capabilities, and more, in people's hands. Together, they add a human layer to an AI-driven internet.
World is already running at a global scale. More than 17 million people across 160 countries have verified with World ID, and more new Orb verifications take place each week. World App is already among the most used wallets globally. Developers are integrating World ID to build safer online experiences and create spaces where real people can participate, earn, and be recognized in ways AI simply can't replicate.
Founded in 2019, TFH has more than 400 people across hardware, software, AI, cryptography, mobile engineering, and global operations. Our teams come from OpenAI, Tesla, SpaceX, Apple, Google, Stripe, Meta, Coinbase, Palantir and MIT Media Lab. We're backed by leading investors, including a16z, Khosla Ventures, Bain Capital Crypto, Blockchain Capital, Variant, Tiger Global, and Coinbase Ventures, as well as prominent operators and founders across fintech and AI.
TFH and World have been featured on the cover of TIME Magazine, highlighted in Fast Company's Next 5 in Fintech, and explored in a Bloomberg deep dive. The New York Times, Bankless and TechCrunch have all recognized our collective progress in identity, cryptography, AI, and global-scale hardware deployment. Our leadership is also named to the Time AI 100. Learn more about the newest product launches from our Liftoff event.
About the Team
The Security team at Tools for Humanity operates at a level far beyond a regular company. Our objective is not just to secure an organization, but to build the trusted, foundational infrastructure for the world's largest identity and financial network. We are a team of over 15 seasoned engineers who are central to the success of the World protocol. We tackle a unique and complex threat landscape that spans state-of-the-art hardware security for the Orb, advanced cryptography including new zero-knowledge proofs, and the security of a global, distributed cloud and mobile ecosystem. Our work is critical to enabling the protocol to scale to billions of users while upholding an unwavering commitment to fail-safe security and privacy.
About the Opportunity
As a Product Security Engineer, you will be a hands-on technical leader responsible for safeguarding the products and services that power the World project. You will be "In the Driver's Seat," proactively embedding security into every stage of the development lifecycle. This is not a role for box-tickers; you will be expected to think from first principles to solve novel security challenges at a global scale. Your work will directly protect our users and ensure the integrity of a protocol designed for the majority of humanity.
You will:
- Lead secure architecture reviews and threat modeling sessions for new application and cloud services.
- Engineer and implement automated security guardrails and reusable libraries to make the secure path the easy path for developers.
- Perform deep-dive, security-focused code and infrastructure reviews in languages like Rust, Go, and Python.
- Own the vulnerability management process, from triaging bug bounty submissions to driving remediation efforts with engineering teams.
- Mature and scale our Secure SDLC and bug bounty programs to keep pace with a rapidly growing engineering organization.
You are a pragmatic and deeply technical security engineer who thrives on solving complex problems. You have a builder's mindset and are passionate about shipping secure products with "Extreme Urgency." You are comfortable with ambiguity and are driven by the opportunity to secure systems with world-changing potential.
- You have 12+ years of hands-on experience in Product Security, Application Security, or Cloud Security.
- You are proficient in code review and development in languages like Rust, Go, and Python.
- You have extensive experience securing modern AWS architectures and developing secure infrastructure-as-code (e.g., Terraform and CDK).
- You are an expert in leading threat modeling sessions and providing actionable guidance to engineering teams.
- You have a strong background in implementing and managing security tooling (SAST, DAST, SCA) and embedding security into CI/CD pipelines.
- You have a deep understanding of web and API security principles (OWASP Top 10) and have experience securing distributed, mobile-first systems.
- Nice to have: Experience scaling a security champions program, expertise in Kubernetes (EKS) and container security or a particular interest in securing mobile applications or smart contracts.
What we offer
The reasonably estimated salary for this role at Tools for Humanity ranges from $276,000 - $320,000 plus a competitive long-term incentive package. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Tools for Humanity offers a wide range of best-in-class, comprehensive, and inclusive employee benefits for this role, including healthcare, dental, vision, 401(k) plan and match, life insurance, flexible time off, commuter benefits, professional development stipend, and much more.
By submitting your application, you consent to the processing and internal sharing of your CV within the company, in compliance with the GDPR.
If you don't think you meet all of the criteria but are still interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.
About Tools For Humanity
Sourced by ZipRecruiter
Industry: Software development
Company size: 1 - 10 Employees
Headquarters location: Denver, CO, US