Product Security Engineer (Bug Bounty) at Webriy

About the Role

Webriy is seeking a skilled and passionate Product Security Engineer to lead and grow our Bug Bounty and Responsible Disclosure Program. This role is pivotal in making sure our products are resilient, secure, and trusted by our global customers. You'll collaborate with researchers around the world, manage vulnerability reports, and work alongside engineering teams to ship secure code.

This is a remote position open to candidates worldwide.

What You’ll Do

• Own and evolve Webriy's bug bounty and responsible disclosure program.

• Triage, reproduce, and assess reported vulnerabilities.

• Collaborate with internal engineering and product teams to prioritize and remediate security findings.

• Communicate effectively with external researchers and security partners.

• Design tools and infrastructure to enhance researcher testing capabilities.

• Research and stay ahead of product security trends and share insights internally.

• Identify patterns in vulnerabilities to make systemic improvements across the codebase.

• Build internal tooling and documentation to streamline secure development workflows.

What We’re Looking For

Education & Experience

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field—or equivalent practical experience.

• 3+ years in application security, bug bounty triage, or vulnerability management.

Skills & Qualifications

• Deep understanding of modern web application security concepts and common vulnerabilities (OWASP Top 10, etc.).

• Proven experience triaging bug bounty reports or working on platforms like HackerOne or Bugcrowd.

• Strong communication skills to work with both technical teams and external researchers.

• Familiarity with tools like Burp Suite, Nmap, or custom security scripts.

• Hands-on experience performing manual and automated penetration tests.

• Code review experience in one or more of the following languages: JavaScript, TypeScript, Python, Go, C++, or Node.js.

• Experience working with cloud environments such as AWS or Azure.

• Passion for building safer products and creating a culture of security.

Nice to Have

• Contributions to open source security tools or research.

• Publicly disclosed vulnerabilities or bug bounty acknowledgments.

• Prior experience building secure development lifecycle (SDL) processes.

What You'll Get

• Competitive salary range of $100K - $190K / year, depending on experience and location.

• Remote-first culture—work from anywhere.

• Equity and performance-based bonuses.

• Generous health, dental, and vision benefits.

• Paid time off, including volunteer days to support causes you care about.

• Opportunities to attend and speak at security conferences.

• A strong security-minded culture with leadership support.

About Webriy

At Webriy, we’re building secure, scalable solutions for the digital age. Trusted by companies around the globe, our mission is to empower businesses with technology that’s safe, transparent, and future-ready. Security isn’t an afterthought here—it’s embedded into everything we do.

We believe diversity, curiosity, and continuous learning are key to doing great work. Join us and help shape the future of product security from wherever you are.