Vercel at a glance
vercel-villedieu-le-camp.fr- Founded 1962
SEC filings mentioning "Vercel": 11 — search EDGAR
Source: Wikipedia
Vercel
About Vercel:
Vercel is the agentic infrastructure company. We free people and agents to ship what’s next.
For more than a decade, Vercel has shaped how the web is built. As the team behind Next.js, v0, and AI SDK, we create products that help builders move from idea to production with speed, security, and exceptional developer experience.
Now, software is entering a new era, and the next generation of products will not just be used by people. They will be built, extended, and operated by agents.
We are building the platform for that future, trusted by companies like OpenAI, PayPal, Ramp, Supreme, and millions of developers worldwide. Whether you’re building our products, supporting our customers, growing our community, or shaping our story, you’ll help define what comes next.
About the Role:
We are looking for a Product Security Engineer to join our security team to drive critical product security initiatives across Vercel’s products and platform. Your core focus will be on threat modeling, open-source software security, secure code review, SDLC tooling, and bug bounty program management. You will support both our internal product engineering teams and customer-facing security programs, ensuring that security is embedded throughout our development lifecycle and that our platform earns the trust of developers and end-users alike.
As a senior member of the team, you will lead cross-organizational security projects and champion a security-first culture within Vercel’s engineering organization. This is a high-impact role with broad scope – your work will not only secure Vercel’s core infrastructure and products (built with Next.js, Node.js, and serverless architecture), but also influence the security of the open-source ecosystems we contribute to.
If you’re based within a pre-determined commuting distance of one of our offices (SF, NY, London, or Berlin), the role includes in-office anchor days on Monday, Tuesday, and Friday. If you’re located beyond that distance, the role is fully remote. For location-specific details, please connect with our recruiting team.
What You Will Do:
- Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats. You will ensure security concerns are addressed from the inception of features through deployment.
- Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend. You’ll uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding across the engineering team.
- Open Source Security Management: Oversee Vercel’s open-source security efforts. This includes monitoring and coordinating fixes for vulnerabilities in third-party open-source packages we use (as a consumer) and ensuring the security of the open-source projects we maintain and publish (as a contributor/publisher, e.g. Next.js). You will work with maintainers and the community on responsible disclosure and patching of security issues in open-source code.
- SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle. You will drive the implementation of automated security checks – for example, using GitHub Advanced Security (GHAS) and other static analysis, dependency scanning, and secret detection tools – directly in our CI/CD pipelines and GitHub workflows. By embedding security tooling into developer workflows, you will help catch issues early and reduce manual effort.
- Bug Bounty Program Management: Own and expand Vercel’s bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues are promptly addressed, and coordinate cross-team efforts to remediate and learn from reported vulnerabilities. You’ll also work on making our bug bounty a world-class, researcher-friendly program, including refining policies, scope, and engagement to encourage high-quality submissions.
- Cross-Organizational Security Initiatives: Lead and contribute to security projects that span multiple teams and disciplines. For example, you might drive a company-wide upgrade to a more secure framework, implement a new authentication/authorization mechanism in collaboration with product teams, or roll out a security awareness program for engineers. You will act as a security champion across the org, aligning stakeholders from Engineering, DevOps, Product, and other groups to implement lasting security improvements.
- Customer-Facing Security Support: Work closely with customer success and product marketing on security-related initiatives that impact our users. This may involve contributing to security documentation and whitepapers, assisting with customer security questionnaires or audits by providing product security expertise, and communicating our security features and best practices to build customer trust in the platform.
About You:
- Experienced Security Engineer: You have 5+ years of experience in an Product Security or Product Security role (or related field), with a track record of securing web products and services. You’re well-versed in the fundamentals of product security and have hands-on experience finding and fixing vulnerabilities.
- Web Tech Stack Proficiency: Strong familiarity with JavaScript/TypeScript and Node.js runtime security. Experience with modern web frameworks (ideally Next.js or React and Node-based frameworks) and understanding of their security considerations. You can read and review code in these technologies to spot security flaws.
- Threat Modeling & SDLC Expertise: Demonstrated ability to perform threat modeling and architectural risk analysis for complex product. You understand how to integrate security into a fast-paced SDLC without slowing it down. Experience implementing or working with secure development lifecycle practices (secure design, code review, pentesting, etc.) is required.
- Security Tools & Automation: Hands-on experience with product security tooling such as static product security testing (SAST), dynamic testing (DAST), dependency vulnerability scanners, and CI/CD pipeline security integration. Familiarity with GitHub Advanced Security or similar tools for code scanning and secret detection is a strong plus.
- Open Source and Supply Chain Security: Knowledge of open-source security best practices. You have experience dealing with open-source dependencies and package management security (e.g., handling vulnerability advisories, using tools like Dependabot or Snyk). Bonus if you have contributed to or maintained open-source projects, especially security-related ones.
- Bug Bounty & Vulnerability Management: Exposure to running or participating in a bug bounty program or vulnerability disclosure process. You know how to assess externally reported issues, reproduce and validate vulnerabilities, and coordinate fixes. You stay up-to-date on the latest vulnerabilities (OWASP Top 10, emerging threats) and methods to mitigate them.
- Cloud & Serverless Security Understanding: Solid understanding of cloud architecture and serverless environments from a security perspective. You are familiar with securing products on cloud platforms (e.g., securing serverless functions, protecting APIs, managing secrets and keys). Experience with related cloud security concepts or tools is a plus.
- Technical Leadership: Proven ability to drive security initiatives and influence engineering teams to adopt best practices. You can work cross-functionally to achieve security goals – for example, rolling out a new security tool or standard across many engineers. (While we emphasize technical skills, this senior role requires you to effectively communicate and lead within the organization to get things done.)
Bonus If You:
- Have prior software development experience beyond security (e.g. as a frontend or backend engineer). Being able to empathize with developers and write or contribute code will help you integrate security seamlessly into development.
- Hold relevant security certifications or recognitions (for example, OSCP, OSWE, CISSP, or notable bug bounty hall of fame entries). These demonstrate your depth of knowledge, though they are not required.
- Experience with security policy-as-code or infrastructure as code security (for instance, using tools like Open Policy Agent, Terraform security checks, etc.). This shows you can bring security into the automation and infrastructure realm.
- Have built or implemented security features in a product (such as authentication systems, encryption, secure CI/CD pipelines) or contributed to security community projects/tools.
- Are an active participant in the security community (e.g., contributing to open source security projects, writing blog posts or research, attending or speaking at security conferences). A passion for continuous learning and sharing knowledge is always a plus on our team.
Benefits:
- Competitive compensation package, including equity.
- Inclusive Healthcare Package.
- Learn and Grow – we provide mentorship and send you to events that help you build your network and skills.
- Flexible Time Off.
- We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.
The San Francisco, CA base pay range for this role is $208,000.00 – $312,000.00. Actual salary will be based on job-related skills, experience, and location. Compensation outside of San Francisco may be adjusted based on employee location. The total compensation package may include benefits, equity-based compensation, and eligibility for a company bonus or variable pay program depending on the role. Your recruiter can share more details during the hiring process.
Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don’t necessarily check every box on the job description.
To apply for this job please visit job-boards.greenhouse.io.
Terms used in this posting
- equity
- Ownership stake in the company, usually in the form of stock options or RSUs, offered in addition to salary.
Explore Vercel online
What people say about Vercel
- Did North Korea Really Attack Sony?
- Ask HN: Who wants to be hired? (July 2026)
- Better Auth is joining Vercel
- Ask HN: Who is hiring? (July 2026)
Recent news
- Vercel acquires Better Auth to give AI agents their own identity - The New Stack
- Vercel CEO Guillermo Rauch on the fight to split off models from agents - TechCrunch
- Vercel Now Lets You Deploy Any Dockerfile Straight to Production - Cloud Native Now
- Vercel's CEO said choosing one AI lab to partner with is a thing of the past - Business Insider
- Vercel CEO Calls Single-Lab Partnerships Obsolete - Let's Data Science
Aggregated from public discussions and news; opinions are the authors’ own.
Working in Remote - United States
Weather right now in Remote - United States: checking… · Local time: · Air quality: · Daylight: · UV index:
Oregon is a state in the Pacific Northwest region of the United States. It is a part of the Western United States, with the Columbia River delineating much of Oregon's northern boundary with Washington, while the Snake River delineates much of its eastern boundary with Idaho. The 42° north parallel delineates the southern boundary with California and Nevada. The western boundary is formed by the P
🇺🇸 Relocation safety for US: Exercise Normal Caution — via Warnely, CC BY 4.0
National unemployment rate in US: 4.2% — via World Bank
Recent seismic activity: 1 earthquake (M4.5+) within 200km in the last 6 months — largest M4.8 near 89 km WSW of Crescent City, CA. via USGS
- Elevation 75m (246 ft)
Source: Wikipedia (state)
Job details above are provided by the employer/source. The sections on this page are compiled from public data sources with AI assistance.
Accommodations: if you need a workplace accommodation to apply for or perform this job, see ADA.gov or EEOC.gov for guidance on your rights and how to request one.
Keep exploring on Get A Job.ai
Not quite the right fit? Your next opportunity is a click away.
- Browse all jobs
- More jobs by category
- Remote jobs you can do from anywhere
- Research typical pay for this role
- Set a job alert so new matches reach you first
- Upload your resume to apply faster
Hiring instead? Post a job and reach candidates searching right now.
