Dasha Korotkykh (Community Manager)
It’s actually interesting you’d say “developer or tester”. Bug bounty hunters are called different names: cybersec researchers, ethical hackers, infosec, “white hats”... but it doesn’t reflect any specific background. Among our community we have CS students, ex-web developers, QA, even hardware professionals who went and learned security tools and started applying them to bug hunting. There’s no wrong “backstory” for getting into cybersecurity, and the diversity of previous experiences often helps to obtain a fresh angle: someone well-versed in DevOps will notice flaws in API integrations, another hunter with a past in the product team can find business logic issues, and so on. To put it simply, all you need to do to start with bug bounties is register a profile, select any program with a tech stack that looks interesting, definitely check out the rules (scope of project, and what areas of the app are out of scope and won’t be rewarded), and then just explore it using curiosity and vulnerability research tools.