Bug Bounty Hunter

Bug bounty hunters are individuals who know the nuts and bolts of cybersecurity and are well-versed in finding flaws and vulnerabilities. There are various bug bounty platforms that allow them to be paid to find vulnerabilities in applications and software.

The job description of a Bug Bounty Hunter can include the following:


  • Examine target subdomains, subdomains of subdomains, and flaws. 
  • Implement tools such as Sublister, Aquatone/HostileSubBruteForcer, Nikto, Dig, Nessus, etc. 
  • Formulate vulnerability findings with reproducible proof-of-concept steps.
  • Engage with the security community on trends related to common vulnerabilities exploited in new or innovative ways.
  • Expand and improve existing processes and tooling used for vulnerability validation. 
  • Contribute to the creation of signatures used in automated vulnerability detection products. 
  • Have the opportunity to contribute to vulnerability identification in programs.
  • Report writing.

 Selection Criteria:

  • Degree in Computer Science or Information technology or in a related field
  • Proficient in web application languages like HTML, JavaScript, PHP, SQL, Python, etc.
  • Familiarity with Cross-Site Scripting, Open Redirect, and Insecure Direct Object References (IDOR) 
  • Familiarity with vulnerability analysis tools like Veracode, Nikto, etc.
  • Tested real targets on websites like Facebook, Twitter, Spotify, etc.
  • Knows about the ‘Dark web’, CSRF, SSRF, and the latest vulnerabilities.