Full-time · Development · Worldwide

Product Security Engineer

at Vercel

Vercel seeks a Product Security Engineer to drive critical product security initiatives across its products and platform, focusing on threat modeling, open-source security, secure code review, SDLC tooling, and bug bounty program management.

Job Description

About Vercel

Vercel is the agentic infrastructure company. We free people and agents to ship what’s next.

For more than a decade, Vercel has shaped how the web is built. As the team behind Next.js, v0, and AI SDK, we create products that help builders move from idea to production with speed, security, and exceptional developer experience.

Now, software is entering a new era, and the next generation of products will not just be used by people. They will be built, extended, and operated by agents.

We are building the platform for that future, trusted by companies like OpenAI, PayPal, Ramp, Supreme, and millions of developers worldwide. Whether you’re building our products, supporting our customers, growing our community, or shaping our story, you’ll help define what comes next.

About the Role

We are looking for a Product Security Engineer to join our security team to drive critical product security initiatives across Vercel’s products and platform. Your core focus will be on threat modeling, open-source software security, secure code review, SDLC tooling, and bug bounty program management. You will support both our internal product engineering teams and customer-facing security programs, ensuring that security is embedded throughout our development lifecycle and that our platform earns the trust of developers and end-users alike.

As a senior member of the team, you will lead cross-organizational security projects and champion a security-first culture within Vercel’s engineering organization. This is a high-impact role with broad scope – your work will not only secure Vercel’s core infrastructure and products (built with Next.js, Node.js, and serverless architecture), but also influence the security of the open-source ecosystems we contribute to.

If you’re based within a pre-determined commuting distance of one of our offices (SF, NY, London, or Berlin), the role includes in-office anchor days on Monday, Tuesday, and Friday. If you're located beyond that distance, the role is fully remote. For location-specific details, please connect with our recruiting team.

What You Will Do

  • Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats. You will ensure security concerns are addressed from the inception of features through deployment.
  • Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend. You’ll uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding across the engineering team.
  • Open Source Security Management: Oversee Vercel’s open-source security efforts. This includes monitoring and coordinating fixes for vulnerabilities in third-party open-source packages we use (as a consumer) and ensuring the security of the open-source projects we maintain and publish (as a contributor/publisher, e.g. Next.js). You will work with maintainers and the community on responsible disclosure and patching of security issues in open-source code.
  • SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle. You will drive the implementation of automated security checks – for example, using GitHub Advanced Security (GHAS) and other static analysis, dependency scanning, and secret detection tools – directly in our CI/CD pipelines a

Responsibilities & Requirements

Responsibilities

  • Partner with engineering and product teams to perform threat modeling for new and existing features
  • Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats
  • Ensure security concerns are addressed from the inception of features through deployment
  • Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and serverless backend
  • Uncover code-level vulnerabilities and provide actionable remediation guidance to developers
  • Establish best practices for secure coding across the engineering team
  • Oversee Vercel's open-source security efforts
  • Monitor and coordinate fixes for vulnerabilities in third-party open-source packages
  • Ensure the security of open-source projects Vercel maintains and publishes
  • Work with maintainers and the community on responsible disclosure and patching of security issues in open-source code
  • Evaluate, select, and integrate security tools into the Software Development Life Cycle
  • Drive implementation of automated security checks using GitHub Advanced Security and other static analysis, dependency scanning, and secret detection tools in CI/CD pipelines
  • Lead cross-organizational security projects
  • Champion a security-first culture within Vercel's engineering organization

Skills

  • threat modeling
  • secure code review
  • open source security
  • SDLC tooling
  • vulnerability management
  • Next.js
  • Node.js
  • serverless architecture
  • security automation
  • bug bounty