About the Role
Vercel is at the forefront of the modern web, empowering developers with the infrastructure to build, scale, and secure high-performance applications. We are seeking a Senior Product Security Engineer to lead critical security initiatives across our platform and open-source ecosystem, ensuring that our products—including Next.js and the AI SDK—remain the gold standard for secure, AI-native development. In this high-impact role, you will champion a security-first culture, bridging the gap between innovative feature development and robust defense-in-depth strategies.
As a senior member of our security team, your influence will extend beyond internal infrastructure to the broader open-source community. You will work closely with engineering and product teams to integrate security into every stage of the software development lifecycle, ensuring that Vercel continues to earn the trust of global brands like PayPal, Supreme, and Under Armour. This role offers the opportunity to solve complex security challenges in a serverless, fast-paced environment while helping to shape the future of the web.
Key Responsibilities
- Threat Modeling & Design Review: Partner with engineering and product teams to identify potential risks early in the design phase. You will recommend security controls and design modifications to mitigate threats from inception through deployment.
- Secure Code Review: Conduct rigorous security assessments on products built with Next.js, Node.js, and serverless architectures. You will uncover code-level vulnerabilities and provide actionable remediation guidance to maintain high coding standards.
- Open Source Security Management: Oversee the security of Vercel’s open-source contributions and third-party dependencies. You will coordinate vulnerability fixes for packages we use and ensure the security integrity of the projects we maintain, such as Next.js.
- SDLC Tooling & Automation: Evaluate and integrate advanced security tools like GitHub Advanced Security (GHAS) into our CI/CD pipelines. You will drive the implementation of static analysis, dependency scanning, and secret detection to catch issues early.
- Bug Bounty Program Leadership: Own and expand Vercel’s bug bounty program. You will triage researcher reports, coordinate cross-team remediation efforts, and refine policies to foster a world-class, researcher-friendly environment.
- Cross-Organizational Initiatives: Act as a security champion, leading projects that span multiple disciplines. This includes implementing company-wide security frameworks, rolling out awareness programs, and collaborating with DevOps on platform-wide hardening.
- Customer-Facing Security Support: Collaborate with customer success and marketing to produce security documentation, whitepapers, and responses to security questionnaires, building long-term trust with our enterprise users.
- Experience: 5+ years of dedicated experience in Product Security or Application Security, with a proven track record of securing high-traffic web products.
- Technical Proficiency: Expert-level understanding of JavaScript, TypeScript, and Node.js security. You should be comfortable performing deep-dive reviews of modern web frameworks like React and Next.js.
- Security Tooling: Hands-on expertise with SAST, DAST, and SCA tools. Experience integrating security checks into GitHub workflows and CI/CD pipelines is highly preferred.
- Architecture Knowledge: Solid understanding of cloud security, specifically regarding serverless functions, API protection, and secrets management within cloud-native environments (AWS/GCP).
- Leadership Skills: Ability to influence engineering teams and drive security adoption without sacrificing development velocity. Excellent communication skills are essential for cross-functional collaboration.
- Vulnerability Management: Experience managing bug bounty programs and a deep understanding of the OWASP Top 10 and emerging web threat vectors.
- Comprehensive Compensation: Competitive salary package including equity and eligibility for company bonus programs.
- Health & Wellness: Inclusive healthcare package covering medical, dental, and vision insurance.
- Professional Growth: Access to mentorship and a dedicated budget for attending industry events, conferences, and networking opportunities.
- Remote Flexibility: A remote-first culture with a work-from-home budget to outfit your workspace and the latest hardware to ensure your success.
- Work-Life Balance: Flexible Time Off policy and a mission-driven environment where everyone is empowered to do their best work.