More and more organizations are putting in place bug bounty programs. A bug bounty is where you can get cash or swag for discovering security issues in an organization’s website or software. Make sure to read the details of the specific bug bounty program to make sure you understand the rules and stay in scope. Going outside of the scope could present legal issues. This is not by any means an all encompassing list of bug bounty programs. Many large companies have bug bounty programs, so do some searching and keep an ear to the ground to here about new programs starting up.
Also of note is that as of May 2021, Google Cloud Platform and Microsoft Azure have very open bug bounty programs in terms of scope. This could change, but if you want to find issues in a major cloud provider these are the two that allow the most freedom in bug bounties.