Remote
$208k–$312k
middle
5 days ago
full-time
quality 8.6/10
What You Will Do:
- Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats.
- Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend.
- Open Source Security Management: Oversee Vercel’s open-source security efforts, including monitoring and coordinating fixes for vulnerabilities in third-party open-source packages.
- SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle.
- Bug Bounty Program Management: Own and expand Vercel’s bug bounty program, triaging and validating incoming vulnerability reports.
- Cross-Organizational Security Initiatives: Lead and contribute to security projects that span multiple teams and disciplines.
- Customer-Facing Security Support: Work closely with customer success and product marketing on security-related initiatives that impact our users.
About You:
- Experienced Security Engineer: 5+ years of experience in a Product Security or related role, with a track record of securing web products and services.
- Web Tech Stack Proficiency: Strong familiarity with JavaScript/TypeScript and Node.js runtime security.
- Threat Modeling & SDLC Expertise: Demonstrated ability to perform threat modeling and architectural risk analysis for complex products.
- Security Tools & Automation: Hands-on experience with product security tooling such as SAST, DAST, and CI/CD pipeline security integration.
- Open Source and Supply Chain Security: Knowledge of open-source security best practices.
- Bug Bounty & Vulnerability Management: Exposure to running or participating in a bug bounty program.
- Cloud & Serverless Security Understanding: Solid understanding of cloud architecture and serverless environments from a security perspective.
- Technical Leadership: Proven ability to drive security initiatives and influence engineering teams.
Benefits:
- Competitive compensation package, including equity.
- Inclusive Healthcare Package.
- Learn and Grow - mentorship and events to build your network and skills.
- Flexible Time Off.
- WFH budget to outfit your space as needed.
Similar jobs
Software Engineer I - AI and ML
Zinnia · Remote
$100k–$160k
2 months ago
View →
Design Engineer
Polymarket · Remote
$200k–$280k
27 days ago
View →
Senior Infrastructure Engineer
MoonPay · Remote
$170k–$220k
28 days ago
View →
Crypto Trading Platform Engineer
Rather Labs · Remote
$120k–$120k
1 month ago
View →
Manager, Brand Design Engineering
Gemini · Remote
$151k–$215k
1 month ago
View →
Operations Reliability Engineer - Automations
Alpaca · Remote
$105k–$175k
2 months ago
View →