Product Security Engineer

You will partner with engineering and product teams to perform threat modeling for new and existing features, conduct secure code reviews on Next.js, Node.js, and serverless backends, oversee open source security including third-party packages, and drive security tooling across the SDLC. You will lead cross-organizational security initiatives and support customer-facing security efforts to help protect the platform.

Responsibilities

  • Threat modeling and design review for new and existing features
  • Secure code reviews and security assessments on products and services built with Next.js, Node.js, and serverless backends; provide actionable remediation guidance
  • Open source security management, including monitoring fixes for vulnerabilities in third-party packages and contributing to open source projects we publish
  • SDLC tooling and automation to drive automated security checks in CI/CD pipelines and GitHub workflows
  • Bug bounty program management including triage, validation, remediation coordination, and policy/scope refinement
  • Cross-organizational security initiatives to drive security improvements across Engineering, DevOps, Product, and other groups
  • Customer-facing security support, including security documentation, questionnaires, and audits

Requirements

  • 5+ years of experience in Product Security or related field
  • Strong proficiency with JavaScript, TypeScript, and Node.js runtime security, with experience in Next.js or React
  • Experience performing threat modeling and architectural risk analysis and integrating secure development lifecycle practices
  • Hands-on experience with security tooling such as SAST, DAST, dependency scanners, and CI/CD security integration; familiarity with GitHub Advanced Security
  • Knowledge of open source security best practices and experience with vulnerability advisories and tools like Dependabot or Snyk; contributing to or maintaining open source security projects is a plus
  • Experience with bug bounty programs and vulnerability management
  • Solid understanding of cloud and serverless security
  • Technical leadership ability to drive security initiatives and influence engineering teams cross-functionally

Benefits

  • Competitive compensation package, including equity
  • Inclusive Healthcare Package
  • Learn and Grow - mentorship and events to build your network and skills
  • Flexible Time Off
  • WFH gear budget to outfit your space as needed