Bug Bounty Hunter

Bug bounty hunters are individuals who know the nuts and bolts of cybersecurity and are well-versed in finding flaws and vulnerabilities. There are various bug bounty platforms that allow them to be paid to find vulnerabilities in applications and software.

The job description of a Bug Bounty Hunter can include the following:

Responsibilities:

  • Examine target subdomains, subdomains of subdomains, and flaws. 
  • Use tools such as Sublist3r, Aquatone/HostileSubBruteForcer, Nikto, dig, Nessus, etc.
  • Formulate vulnerability findings with reproducible proof-of-concept steps.
  • Engage with the security community on trends related to common vulnerabilities exploited in new or innovative ways.
  • Expand and improve existing processes and tooling used for vulnerability validation. 
  • Contribute to the creation of signatures used in automated vulnerability detection products. 
  • Have the opportunity to contribute to vulnerability identification in programs.
  • Report writing.

Selection Criteria:

  • Degree in Computer Science, Information Technology, or a related field
  • Proficient in web application languages like HTML, JavaScript, PHP, SQL, Python, etc.
  • Familiarity with Cross-Site Scripting, Open Redirect, and Insecure Direct Object References (IDOR) 
  • Familiarity with vulnerability analysis tools like Veracode, Nikto, etc.
  • Has tested real targets on websites like Facebook, Twitter, Spotify, etc.
  • Knows about the ‘Dark web’, CSRF, SSRF, and the latest vulnerabilities.