Security Program Manager
Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.
Product Security Engineer driving threat modeling, secure code review, open-source security, SDLC tooling, and bug bounty management for Vercel's web platform built on Next.js and Node.js. Requires 5+ years securing web products with strong JavaScript/Node.js and cloud security expertise.
Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats.
Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and serverless backend. Uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding.
Open Source Security Management: Oversee Vercel’s open-source security efforts. Monitor and coordinate fixes for vulnerabilities in third-party open-source packages. Ensure the security of open-source projects maintained and published (e.g., Next.js). Work with maintainers and the community on responsible disclosure and patching.
SDLC Tooling & Automation: Evaluate, select, and integrate security tools into the Software Development Life Cycle. Drive implementation of automated security checks using GitHub Advanced Security (GHAS), static analysis, dependency scanning, and secret detection tools in CI/CD pipelines and GitHub workflows.
Bug Bounty Program Management: Own and expand Vercel’s bug bounty program. Triage and validate incoming vulnerability reports, ensure critical issues are promptly addressed, and coordinate cross-team remediation efforts. Refine policies, scope, and engagement to encourage high-quality submissions.
Cross-Organizational Security Initiatives: Lead and contribute to security projects spanning multiple teams. Drive company-wide upgrades to secure frameworks, implement new authentication/authorization mechanisms, or roll out security awareness programs. Act as a security champion across the organization.
Customer-Facing Security Support: Work with customer success and product marketing on security-related initiatives. Contribute to security documentation and whitepapers, assist with customer security questionnaires or audits, and communicate security features to build customer trust.
Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.
Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.
Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.
Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.
Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.