xelys jobs

Senior Product Security Engineer

Vercel

full-remote, senior, permanent, security, backend | Anywhere in the World | 2 days ago via WWR

Tags

Product Security, Threat Modeling, Secure Code Review, Open Source Security, SDLC, CI/CD, GitHub Advanced Security (GHAS), Dependency Scanning, Secret Detection, Bug Bounty

About the role

Role Overview

Senior Product Security Engineer on Vercel’s security team, leading product security initiatives across Vercel’s products and platform. The role focuses on embedding security into the SDLC, securing core infrastructure and products, and influencing the security posture of the open-source ecosystems Vercel contributes to.

Responsibilities

  • Threat Modeling & Design Review: Partner with product and engineering teams to perform threat modeling for new and existing features; recommend security controls/design changes to mitigate risks.
  • Secure Code Review: Conduct security-focused code reviews and assessments for products/services built with Next.js and Node.js (including serverless backends). Provide actionable remediation guidance and establish secure coding best practices.
  • Open Source Security Management: Monitor and coordinate fixes for vulnerabilities in third-party open-source dependencies and manage security for open-source projects Vercel maintains/publishes. Work with maintainers/community on responsible disclosure and patching.
  • SDLC Tooling & Automation: Select and integrate security tools into the software development lifecycle; implement automated security checks (e.g., using GitHub Advanced Security (GHAS)), including static analysis, dependency scanning, and secret detection in CI/CD and GitHub workflows.
  • Bug Bounty Program Management: Own and expand Vercel’s bug bounty program—triage/validate reports, ensure prompt remediation of critical issues, coordinate cross-team fixes, and refine policies/scope/engagement.

Requirements / Qualifications

  • Strong experience with threat modeling and security design review.
  • Experience performing secure code reviews and vulnerability remediation for application code.
  • Demonstrated capability in open-source security practices (responsible disclosure, patch coordination).
  • Proven experience integrating security tooling/automation into CI/CD and developer workflows.
  • Ability to triage and manage vulnerability reports and coordinate remediation.

Nice-to-Haves

  • Familiarity with Next.js, Node.js, and serverless architectures.
  • Experience supporting both internal product engineering teams and external/customer-facing security programs.
  • Prior experience running or improving a bug bounty program.

About Vercel

Vercel provides developers with tools and cloud infrastructure to build, scale, and secure a faster, more personalized web. The company is behind v0, Next.js, and the AI SDK, helping customers ship products for the AI-native web.

Scraped 4/19/2026
