Freelance elite hackers can make more than $500,000 a year searching for security flaws and reporting those issues at big companies like Tesla and organizations like the Department of Defense, according to new data released by ethical hacking platform Bugcrowd.
The company, founded in 2012, is one of a handful of so-called "bug bounty" firms that provide a platform for hackers to safely chase security flaws at companies that want to be tested.
Hackers work on a clearly defined contract for a specific company and get paid a bounty when they are able to find a flaw in a company's infrastructure. How much they're paid depends on how serious the problem is.
Companies are increasingly looking for alternatives for cybersecurity testing as millions of jobs in the field go vacant, said Bugcrowd CTO Casey Ellis. By some estimates, as many as 3.5 million cyber jobs may be left open by 2021.
Last year, the company saw its largest payout for a single exploit — $113,000 for a bug found at a large tech hardware company, Ellis said. Payouts rose 37 percent year over year in 2018, according to the data.