Product Security Engineer driving threat modeling, secure code review, open-source security, SDLC tooling, and bug bounty management for Vercel's web platform built on Next.js and Node.js. Requires 5+ years securing web products with strong JavaScript/Node.js and cloud security expertise.
Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats.
Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and serverless backend. Uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding.
Open Source Security Management: Oversee Vercel’s open-source security efforts. Monitor and coordinate fixes for vulnerabilities in third-party open-source packages. Ensure the security of open-source projects maintained and published (e.g., Next.js). Work with maintainers and the community on responsible disclosure and patching.
SDLC Tooling & Automation: Evaluate, select, and integrate security tools into the Software Development Life Cycle. Drive implementation of automated security checks using GitHub Advanced Security (GHAS), static analysis, dependency scanning, and secret detection tools in CI/CD pipelines and GitHub workflows.
Bug Bounty Program Management: Own and expand Vercel’s bug bounty program. Triage and validate incoming vulnerability reports, ensure critical issues are promptly addressed, and coordinate cross-team remediation efforts. Refine policies, scope, and engagement to encourage high-quality submissions.
Cross-Organizational Security Initiatives: Lead and contribute to security projects spanning multiple teams. Drive company-wide upgrades to secure frameworks, implement new authentication/authorization mechanisms, or roll out security awareness programs. Act as a security champion across the organization.
Customer-Facing Security Support: Work with customer success and product marketing on security-related initiatives. Contribute to security documentation and whitepapers, assist with customer security questionnaires or audits, and communicate security features to build customer trust.
IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.
Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.
Security Engineer II responsible for monitoring security alerts, responding to incidents, administering enterprise security tools, and supporting cloud and identity security initiatives. Requires 3+ years in cybersecurity or related fields with strong scripting and troubleshooting skills.
Security Engineer II responsible for monitoring and responding to security alerts, administering enterprise security tools, supporting vulnerability and IAM programs, and securing cloud environments. Requires 3+ years in cybersecurity or related fields and scripting experience.