[Remote] Product Security Engineer

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA. Vercel is an agentic infrastructure company that shapes how the web is built. They are seeking a Product Security Engineer to drive critical product security initiatives, focusing on threat modeling, secure code review, and bug bounty program management, while ensuring security is embedded throughout the development lifecycle.

Responsibilities

  • Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats. You will ensure security concerns are addressed from the inception of features through deployment
  • Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend. You’ll uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding across the engineering team
  • Open Source Security Management: Oversee Vercel’s open-source security efforts. This includes monitoring and coordinating fixes for vulnerabilities in third-party open-source packages we use (as a consumer) and ensuring the security of the open-source projects we maintain and publish (as a contributor/publisher, e.g. Next.js). You will work with maintainers and the community on responsible disclosure and patching of security issues in open-source code
  • SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle. You will drive the implementation of automated security checks – for example, using GitHub Advanced Security (GHAS) and other static analysis, dependency scanning, and secret detection tools – directly in our CI/CD pipelines and GitHub workflows. By embedding security tooling into developer workflows, you will help catch issues early and reduce manual effort
  • Bug Bounty Program Management: Own and expand Vercel’s bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues are promptly addressed, and coordinate cross-team efforts to remediate and learn from reported vulnerabilities. You’ll also work on making our bug bounty a world-class, researcher-friendly program, including refining policies, scope, and engagement to encourage high-quality submissions
  • Cross-Organizational Security Initiatives: Lead and contribute to security projects that span multiple teams and disciplines. For example, you might drive a company-wide upgrade to a more secure framework, implement a new authentication/authorization mechanism in collaboration with product teams, or roll out a security awareness program for engineers. You will act as a security champion across the org, aligning stakeholders from Engineering, DevOps, Product, and other groups to implement lasting security improvements
  • Customer-Facing Security Support: Work closely with customer success and product marketing on security-related initiatives that impact our users. This may involve contributing to security documentation and whitepapers, assisting with customer security questionnaires or audits by providing product security expertise, and communicating our security features and best practices to build customer trust in the platform

Skills

  • 5+ years of experience in a Product Security role (or related field), with a track record of securing web products and services
  • Strong familiarity with JavaScript/TypeScript and Node.js runtime security
  • Demonstrated ability to perform threat modeling and architectural risk analysis for complex products
  • Hands-on experience with product security tooling such as static application security testing (SAST), dynamic testing (DAST), dependency vulnerability scanners, and CI/CD pipeline security integration
  • Knowledge of open-source security best practices
  • Exposure to running or participating in a bug bounty program or vulnerability disclosure process
  • Solid understanding of cloud architecture and serverless environments from a security perspective
  • Proven ability to drive security initiatives and influence engineering teams to adopt best practices
  • Have prior software development experience beyond security (e.g. as a frontend or backend engineer). Being able to empathize with developers and write or contribute code will help you integrate security seamlessly into development
  • Hold relevant security certifications or recognitions (for example, OSCP, OSWE, CISSP, or notable bug bounty hall of fame entries). These demonstrate your depth of knowledge, though they are not required
  • Experience with security policy-as-code or infrastructure as code security (for instance, using tools like Open Policy Agent, Terraform security checks, etc.). This shows you can bring security into the automation and infrastructure realm
  • Have built or implemented security features in a product (such as authentication systems, encryption, secure CI/CD pipelines) or contributed to security community projects/tools
  • Are an active participant in the security community (e.g., contributing to open source security projects, writing blog posts or research, attending or speaking at security conferences). A passion for continuous learning and sharing knowledge is always a plus on our team

Benefits

  • Competitive compensation package, including equity.
  • Inclusive Healthcare Package.
  • Learn and Grow - we provide mentorship and send you to events that help you build your network and skills.
  • Flexible Time Off.
  • We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.

Company Overview

  • Vercel is a developer platform that provides cloud infrastructure services for the web. It was founded in 2015, and is headquartered in Covina, California, USA, with a workforce of 501-1000 employees. Its website is https://vercel.com.

Company H1B Sponsorship

  • Vercel has a track record of offering H1B sponsorships, with 5 in 2026, 4 in 2025, 2 in 2024, 5 in 2023, 5 in 2022. Please note that this does not guarantee sponsorship for this specific role.