1. Finding one security problem is not necessarily enough to qualify for a job offer

2. They sent him a trophy. It wasn't just any ball pen with the company logo but a nice, topical t-shirt

As someone else pointed out - he disclosed the vulnerability publicly before informing LinkedIn. Most companies wouldn't have given him anything.