Program decompiling, reading the code to get the bug, creating your own exploit for the bug, and also creating a report about the bug on how it can be exploited and the threats it poses to the system.
Companies invest so much for them to just get a software do what they want it to do. So putting a high price stake on it for bug hunting is just fair...and also a high price acts as a motivation to bug hunters to keep hunting.
Happy coding😉 Keep coding🙏🏾
What level? For understanding how to search a bug, you need to know generally as much as possible.
Why? Because companies need trust from their customers and because it costs less to pay bug bounty one time instead of losing money for cracked software
On why the pay so much. It is cheaper to reward bug bounty hunters for their efforts compared to the cost of their application being hacked by blackhats.
On what is needed: An tech background in software development is add advantage as you would need to be able to study/read source codes and find flaws in the. Networking, cryptography, command line and regex are some of the skills to support you too.
I found 4 bugs on huge companies with zero knowledge on programing. I just started to learn C. Bug hunting requires you to know basic networking and basic web vulnerabilities like OWASP top 10 to get you started. As for the huge bounties I don't think is enough in comparison to the economic damage one simple vulnerability could do to a company.