Synack
Synack runs a closed, vetted researcher network called the Synack Red Team. It's not a bounty platform in the traditional sense - you don't sign up and start hunting. You apply, get assessed, pass a background check, and if you clear the bar, you get mission-based work assigned to you. That model appeals to some researchers and puts others off entirely. Know which camp you're in before applying.
The SRT Model
The Synack Red Team is Synack's pool of vetted security researchers. Unlike H1 or Bugcrowd, where anyone can register and start submitting, SRT membership requires:
- A formal application including your background, prior work, and security experience
- A technical assessment - practical testing challenges that gauge your real skill level
- A background check (standard criminal and identity verification)
- An interview in some cases, particularly for applicants with thinner public portfolios
The vetting process takes time. Some applicants hear back in a few weeks; others wait months. Synack is selective, and the population of active SRT members is much smaller than the researcher counts on open platforms. That's the point.
Mission-Based Work vs. Free-Form Hunting
This is the fundamental difference from every other platform in this guide.
On H1 or Bugcrowd, you pick a program, read the scope, and go hunting on your own schedule. You decide where to spend your time. You control your workflow entirely.
On Synack, you get missions. A mission defines:
- The target (which is always a Synack client's asset)
- The scope: specific URLs, IPs, or application features
- The testing window: when you can test and for how long
- The objectives: what you're being asked to assess
You work within that structure. You can't go hunting outside the assigned scope even if you spot something adjacent. You report within the mission parameters.
For researchers who like freedom and self-direction, this is restrictive. For researchers who want predictable, paid work without spending hours on program selection and reconnaissance groundwork, the structure is a feature.
Liquid Platinum and Payout Mechanics
Synack's primary currency for researchers is Liquid Platinum (LP). LP accrues based on the findings you submit and the missions you complete. It converts to cash payouts and tracks your performance history on the platform.
Key points on LP:
- LP is awarded per validated finding, with amounts tied to severity
- Some engagements are paid per hour or per engagement rather than purely per finding - this varies by contract type and client
- LP history factors into which future missions you're offered; consistent output gets you better assignments
- Payout rates for critical and high findings on Synack engagements can be competitive with the top end of open platform bounties, but the comparison isn't direct because the work model differs
The per-hour component, where it exists, is a meaningful differentiator. Most bug bounty work pays nothing for time spent on targets that yield nothing. Some Synack engagement types compensate for the assessment work itself, not just the findings.
What the Vetting Looks Like
The technical assessment is not trivial. Synack tests applied skills, not theoretical knowledge. Expect:
- Web application testing challenges
- Network-level assessment tasks
- Possibly mobile or API-focused challenges depending on your stated specialisation
- Time-pressured elements
The background check is real. Synack works with enterprise clients and government contractors. SRT members have access to sensitive client infrastructure. Anyone with significant criminal history, particularly around computer crime, won't pass. If that's a concern, don't waste your time applying.
Non-Disclosure
SRT members sign strict NDAs. You cannot:
- Publicly disclose findings from Synack engagements
- Name Synack clients you've worked on
- Reference specific vulnerabilities found on Synack missions
This has a direct consequence: Synack work doesn't build your public portfolio the way disclosed H1 reports do. You accumulate skills and income, but you can't point potential employers or other programs at your SRT work.
For researchers whose strategy includes building a visible public track record, this is a real cost. For researchers who prioritise income over visibility, it's a reasonable tradeoff.
Comparing to Private Programs on Open Platforms
Private programs on H1 or Bugcrowd are invitation-only but still operate on the open platform model: you hunt freely within scope, submit what you find, get paid per finding.
Synack missions differ in a few ways worth noting:
- Scope is defined by Synack and the client, not open to researcher interpretation
- Testing windows are finite; you're not continuously hunting the same asset
- Multiple SRT members may be assigned to the same mission simultaneously
- Synack handles client communication entirely; you don't interact with the target company
The experience feels closer to a scoped penetration test than a bug bounty program. That parallel is intentional. Synack positions its service to clients as continuous penetration testing, not a traditional bounty program.
Realistic Assessment
If you clear the SRT vetting, the work is consistent and the pay is real. The mission queue provides structure that self-directed bounty hunting lacks. Researchers who perform well on Synack tend to get more and better missions over time.
The downsides are also real: onboarding is slow, NDAs eliminate public portfolio building, and you trade autonomy for structure. The model doesn't suit every researcher temperament.
Apply if you have demonstrable technical skills, don't mind the non-disclosure constraints, and prefer structured work to open-ended hunting. Don't apply expecting a fast onboarding or a platform that rewards volume over quality.