Some freelance elite hackers are making more than $500,000 a year by detecting security flaws and reporting the issues to big companies, such as Tesla and organizations like the Department of Defense, according to new data provided by ethical hacking platform Bugcrowd.
The company, founded in 2012, is one of a few so-called “bug bounty” firms that provide a platform for hackers to safely hunt for security flaws on behalf of companies that want to be tested. These freelance hackers work under a clearly defined contract for a specific company and are paid a bounty when they discover a flaw within that company’s infrastructure. The payment they receive is typically based on how serious the problem is.
Bugcrowd CEO Casey Ellis says companies are seeking alternatives for cybersecurity testing as millions of jobs in the field are going vacant. According to some estimates, as many as 3.5 million cyber jobs may be left open by 2021.
Ellis reports that the company saw its largest payout for a single exploit last year – $113,000 for a bug discovered at a large tech hardware company. According to the data provided, payouts rose 37 percent year over year in 2018.
“They found a particular vulnerability class and they go after that over and over again at different companies. They will go all around cyberspace and try to find as many opportunities to exploit that vulnerability as they can,” Ellis said.
“They also have good reconnaissance skills and are able to operate on an understanding of what might cause the most damage to an organization. A good sense of how businesses work, or how their infrastructure is built, is really helpful,” he added.
94 percent of Bugcrowd’s hunters are ages 18 to 44, though there are several that are still in high school or middle school. According to Ellis, the cost of entry is low and based on skills. Nearly a quarter of these hackers on the platform do not even have a college degree.