Vercel

Product Security Engineer

9.0/10
Vercel
$208,000 – $312,000 USD117.6% above market
Remote
mid
about 5 hours ago
AI SummaryVerified by Aipplify AI

The vacancy is well-structured and informative, making it appealing to qualified applicants.

AI quality score8.6 / 10

Check Match — Just drop your CV

See your fit for Product Security Engineer in seconds.

Overview

Join Vercel as a Product Security Engineer to drive critical security initiatives across our products and platform, ensuring security is embedded throughout the development lifecycle. About Vercel: Vercel is the agentic infrastructure company. We free people and agents to ship what’s next. For more than a decade, Vercel has shaped how the web is built. As the team behind Next.js, v0, and AI SDK, we create products that help builders move from idea to production with speed, security, and exceptional developer experience. Now, software is entering a new era, and the next generation of products will not just be used by people. They will be built, extended, and operated by agents. We are building the platform for that future, trusted by companies like OpenAI, PayPal, Ramp, Supreme, and millions of developers worldwide.

What You Will Do

  • Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats.
  • Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend.
  • Open Source Security Management: Oversee Vercel’s open-source security efforts, including monitoring and coordinating fixes for vulnerabilities in third-party open-source packages.
  • SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle.
  • Bug Bounty Program Management: Own and expand Vercel’s bug bounty program, triaging and validating incoming vulnerability reports.
  • Cross-Organizational Security Initiatives: Lead and contribute to security projects that span multiple teams and disciplines.
  • Customer-Facing Security Support: Work closely with customer success and product marketing on security-related initiatives that impact our users.

Benefits

  • Competitive compensation package, including equity.
  • Inclusive Healthcare Package.
  • Learn and Grow - mentorship and events to build your network and skills.
  • Flexible Time Off.
  • WFH budget to outfit your space as needed.

About You

  • Experienced Security Engineer: 5+ years of experience in a Product Security or related role, with a track record of securing web products and services.
  • Web Tech Stack Proficiency: Strong familiarity with JavaScript/TypeScript and Node.js runtime security.
  • Threat Modeling & SDLC Expertise: Demonstrated ability to perform threat modeling and architectural risk analysis for complex products.
  • Security Tools & Automation: Hands-on experience with product security tooling such as SAST, DAST, and CI/CD pipeline security integration.
  • Open Source and Supply Chain Security: Knowledge of open-source security best practices.
  • Bug Bounty & Vulnerability Management: Exposure to running or participating in a bug bounty program.
  • Cloud & Serverless Security Understanding: Solid understanding of cloud architecture and serverless environments from a security perspective.
  • Technical Leadership: Proven ability to drive security initiatives and influence engineering teams.
Loading similar jobs...