Senior Product Security Engineer jobs in United States

Vercel · 8 hours ago

Senior Product Security Engineer

Vercel is a company that provides tools and cloud infrastructure for developers to build, scale, and secure web applications. They are seeking a Senior Product Security Engineer to drive critical product security initiatives, focusing on threat modeling, secure code review, and bug bounty program management, while ensuring security is embedded throughout the development lifecycle.

Artificial Intelligence (AI), Cloud Infrastructure, Developer Platform, Software, Web Development
Growth Opportunities
H1B Sponsor Likely

Responsibilities

Partner with engineering and product teams to perform threat modeling for new and existing features
Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats
Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend
Uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding across the engineering team
Oversee Vercel’s open-source security efforts
Monitor and coordinate fixes for vulnerabilities in third-party open-source packages we use (as a consumer) and ensure the security of the open-source projects we maintain and publish (as a contributor/publisher, e.g. Next.js)
Work with maintainers and the community on responsible disclosure and patching of security issues in open-source code
Evaluate, select, and integrate security tools into our Software Development Life Cycle
Drive the implementation of automated security checks – for example, using GitHub Advanced Security (GHAS) and other static analysis, dependency scanning, and secret detection tools – directly in our CI/CD pipelines and GitHub workflows
Own and expand Vercel’s bug bounty program
Triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues are promptly addressed, and coordinate cross-team efforts to remediate and learn from reported vulnerabilities
Drive a company-wide upgrade to a more secure framework, implement a new authentication/authorization mechanism in collaboration with product teams, or roll out a security awareness program for engineers
Work closely with customer success and product marketing on security-related initiatives that impact our users

Qualification

Threat Modeling, Secure Code Review, SDLC Tooling, Open Source Security, Bug Bounty Management, JavaScript/TypeScript, Node.js Security, Security Tools, Cloud Security, Technical Leadership, Communication Skills, Team Collaboration

Required

5+ years of experience in a Product Security role (or related field), with a track record of securing web products and services
Strong familiarity with JavaScript/TypeScript and Node.js runtime security
Experience with modern web frameworks (ideally Next.js or React and Node-based frameworks) and understanding of their security considerations
Demonstrated ability to perform threat modeling and architectural risk analysis for complex products
Experience implementing or working with secure development lifecycle practices (secure design, code review, pentesting, etc.) is required
Hands-on experience with product security tooling such as static application security testing (SAST), dynamic testing (DAST), dependency vulnerability scanners, and CI/CD pipeline security integration
Knowledge of open-source security best practices
Exposure to running or participating in a bug bounty program or vulnerability disclosure process
Solid understanding of cloud architecture and serverless environments from a security perspective
Proven ability to drive security initiatives and influence engineering teams to adopt best practices

Preferred

Prior software development experience beyond security (e.g. as a frontend or backend engineer)
Hold relevant security certifications or recognitions (for example, OSCP, OSWE, CISSP, or notable bug bounty hall of fame entries)
Experience with security policy-as-code or infrastructure as code security (for instance, using tools like Open Policy Agent, Terraform security checks, etc.)
Have built or implemented security features in a product (such as authentication systems, encryption, secure CI/CD pipelines) or contributed to security community projects/tools
Active participant in the security community (e.g., contributing to open source security projects, writing blog posts or research, attending or speaking at security conferences)

Benefits

Competitive compensation package, including equity.
Inclusive Healthcare Package.
Learn and Grow - we provide mentorship and send you to events that help you build your network and skills.
Flexible Time Off.
We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.

Company

Vercel

Vercel is a developer platform that provides cloud infrastructure services for the web.

H1B Sponsorship

Vercel has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Chart: Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships: 2025 (4), 2024 (2), 2023 (5), 2022 (5)

Funding

Current Stage: Late Stage
Total Funding: $863M
Key Investors: Accel, Bedrock, Google Ventures
2025-09-30: Series F, $300M
2024-05-16: Series E, $250M
2021-11-23: Series D, $150M

Leadership Team

Guillermo Rauch, CEO
Malte Ubl, CTO
Company data provided by crunchbase