Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Product Security Engineer

$208k - $312k

Vercel Corp

About Vercel:

Vercel is the agentic infrastructure company. We free people and agents to ship what's next.

For more than a decade, Vercel has shaped how the web is built. As the team behind Next.js, v0, and AI SDK, we create products that help builders move from idea to production with speed, security, and exceptional developer experience.

Now, software is entering a new era, and the next generation of products will not just be used by people. They will be built, extended, and operated by agents.

We are building the platform for that future, trusted by companies like OpenAI, PayPal, Ramp, Supreme, and millions of developers worldwide . Whether you're building our products, supporting our customers, growing our community, or shaping our story, you'll help define what comes next.

About the Role:

We are looking for a Product Security Engineer to join our security team to drive critical product security initiatives across Vercel's products and platform. Your core focus will be on threat modeling, open-source software security, secure code review, SDLC tooling, and bug bounty program management. You will support both our internal product engineering teams and customer-facing security programs, ensuring that security is embedded throughout our development lifecycle and that our platform earns the trust of developers and end-users alike.

As a senior member of the team, you will lead cross-organizational security projects and champion a security-first culture within Vercel's engineering organization. This is a high-impact role with broad scope - your work will not only secure Vercel's core infrastructure and products (built with Next.js, Node.js, and serverless architecture), but also influence the security of the open-source ecosystems we contribute to.

If you're based within a pre-determined commuting distance of one of our offices (SF, NY, London, or Berlin), the role includes in-office anchor days on Monday, Tuesday, and Friday. If you're located beyond that distance, the role is fully remote. For location-specific details, please connect with our recruiting team.
What You Will Do:
  • Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats. You will ensure security concerns are addressed from the inception of features through deployment.
  • Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend. You'll uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding across the engineering team.
  • Open Source Security Management: Oversee Vercel's open-source security efforts. This includes monitoring and coordinating fixes for vulnerabilities in third-party open-source packages we use (as a consumer) and ensuring the security of the open-source projects we maintain and publish (as a contributor/publisher, e.g. Next.js). You will work with maintainers and the community on responsible disclosure and patching of security issues in open-source code.
  • SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle. You will drive the implementation of automated security checks - for example, using GitHub Advanced Security (GHAS) and other static analysis, dependency scanning, and secret detection tools - directly in our CI/CD pipelines and GitHub workflows. By embedding security tooling into developer workflows, you will help catch issues early and reduce manual effort.
  • Bug Bounty Program Management: Own and expand Vercel's bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues are promptly addressed, and coordinate cross-team efforts to remediate and learn from reported vulnerabilities. You'll also work on making our bug bounty a world-class, researcher-friendly program, including refining policies, scope, and engagement to encourage high-quality submissions.
  • Cross-Organizational Security Initiatives: Lead and contribute to security projects that span multiple teams and disciplines. For example, you might drive a company-wide upgrade to a more secure framework, implement a new authentication/authorization mechanism in collaboration with product teams, or roll out a security awareness program for engineers. You will act as a security champion across the org, aligning stakeholders from Engineering, DevOps, Product, and other groups to implement lasting security improvements.
  • Customer-Facing Security Support: Work closely with customer success and product marketing on security-related initiatives that impact our users. This may involve contributing to security documentation and whitepapers, assisting with customer security questionnaires or audits by providing product security expertise, and communicating our security features and best practices to build customer trust in the platform.
About You:
  • Experienced Security Engineer: You have 5+ years of experience in an Product Security or Product Security role (or related field), with a track record of securing web products and services. You're well-versed in the fundamentals of product security and have hands-on experience finding and fixing vulnerabilities.
  • Web Tech Stack Proficiency: Strong familiarity with JavaScript/TypeScript and Node.js runtime security. Experience with modern web frameworks (ideally Next.js or React and Node-based frameworks) and understanding of their security considerations. You can read and review code in these technologies to spot security flaws.
  • Threat Modeling & SDLC Expertise: Demonstrated ability to perform threat modeling and architectural risk analysis for complex product. You understand how to integrate security into a fast-paced SDLC without slowing it down. Experience implementing or working with secure development lifecycle practices (secure design, code review, pentesting, etc.) is required.
  • Security Tools & Automation: Hands-on experience with product security tooling such as static product security testing (SAST), dynamic testing (DAST), dependency vulnerability scanners, and CI/CD pipeline security integration. Familiarity with GitHub Advanced Security or similar tools for code scanning and secret detection is a strong plus.
  • Open Source and Supply Chain Security: Knowledge of open-source security best practices. You have experience dealing with open-source dependencies and package management security (e.g., handling vulnerability advisories, using tools like Dependabot or Snyk). Bonus if you have contributed to or maintained open-source projects, especially security-related ones.
  • Bug Bounty & Vulnerability Management: Exposure to running or participating in a bug bounty program or vulnerability disclosure process. You know how to assess externally reported issues, reproduce and validate vulnerabilities, and coordinate fixes. You stay up-to-date on the latest vulnerabilities (OWASP Top 10, emerging threats) and methods to mitigate them.
  • Cloud & Serverless Security Understanding: Solid understanding of cloud architecture and serverless environments from a security perspective. You are familiar with securing products on cloud platforms (e.g., securing serverless functions, protecting APIs, managing secrets and keys). Experience with related cloud security concepts or tools is a plus.
  • Technical Leadership: Proven ability to drive security initiatives and influence engineering teams to adopt best practices. You can work cross-functionally to achieve security goals - for example, rolling out a new security tool or standard across many engineers. (While we emphasize technical skills, this senior role requires you to effectively communicate and lead within the organization to get things done.)
Bonus If You:
  • Have prior software development experience beyond security (e.g. as a frontend or backend engineer). Being able to empathize with developers and write or contribute code will help you integrate security seamlessly into development.
  • Hold relevant security certifications or recognitions (for example, OSCP, OSWE, CISSP, or notable bug bounty hall of fame entries). These demonstrate your depth of knowledge, though they are not required.
  • Experience with security policy-as-code or infrastructure as code security (for instance, using tools like Open Policy Agent, Terraform security checks, etc.). This shows you can bring security into the automation and infrastructure realm.
  • Have built or implemented security features in a product (such as authentication systems, encryption, secure CI/CD pipelines) or contributed to security community projects/tools.
  • Are an active participant in the security community (e.g., contributing to open source security projects, writing blog posts or research, attending or speaking at security conferences). A passion for continuous learning and sharing knowledge is always a plus on our team.
Benefits:
  • Competitive compensation package, including equity.
  • Inclusive Healthcare Package.
  • Learn and Grow - we provide mentorship and send you to events that help you build your network and skills.
  • Flexible Time Off.
  • We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.

The San Francisco, CA base pay range for this role is $208,000.00 - $312,000.00. Actual salary will be based on job-related skills, experience, and location. Compensation outside of San Francisco may be adjusted based on employee location. The total compensation package may include benefits, equity-based compensation, and eligibility for a company bonus or variable pay program depending on the role. Your recruiter can share more details during the hiring process.


Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.
Vacancy posted 3 days ago
Similar jobs that could be interesting for youBased on the Product Security Engineer in United States vacancy
  • $140k - $165k

     ...fuels. Our solutions accelerate the transition to clean energy and save money for energy customers. We are seeking a Senior Product Security Engineer to join our team and help us achieve our ambitious goals for our business and the planet. How you will make an impact:... 
    Suggested
    Local area
    Flexible hours
    Shift work

    upLIGHT

    New York, NY
    2 days ago
  •  ...Join Hologic's mission to drive a Secure by Design culture within our Breast&Skeletal Health Connected Health products. As a Senior Product Security Engineer , you will play a pivotal role in ensuring the security and integrity of our innovative healthcare solutions. If... 
    Suggested
    Remote work

    Stryker

    Marlborough, MA
    1 day ago
  • $180k - $258k

     ...Curious to learn more about our story? Check out this blog post written by our founders. Role Overview We are looking for a Product Security Engineer to join our team and act as a champion for security within our product engineering organization. You will be responsible... 
    Suggested
    Shift work

    Candid Group

    New York, NY
    3 days ago
  • $150k - $200k

     ...compounding interest. Affirm values information security as a critical part of the company’s...  ...to succeed in building honest financial products. The Security team posture increases...  ...who need it! The Senior Product Security Engineer candidate will have experience building... 
    Suggested
    Work at office
    Remote work
    Flexible hours

    Affirm

    New York, NY
    2 days ago
  • $188k - $282k

     ...inflection point. With 1500+ customers in 60+ countries, strong product-market fit, and world-class investor support, we’re...  ...just getting started. Role Overview As a Senior Software Engineer on the Product Security team at Harvey, you'll be a key technical contributor... 
    Suggested
    Work experience placement

    Harvey

    San Francisco, CA
    3 days ago
  • $170k - $200k

     ...capabilities essential for mission success. Overland AI has secured funding from prominent defense tech investors including 8VC...  .... Role Summary We are looking for a mission‑driven Product Security Engineer to embed security into the entire lifecycle of our cutting‑... 
    Contract work

    Overland AI Inc

    Seattle, WA
    19 hours ago
  • $168k - $280k

     ...one of America’s best startup employers by Forbes. About the Role We’re looking for a hands‑on staff security engineer to play a key role in building Rippling’s Product Security program. As an early member of the team, you’ll have a meaningful impact on the security program... 
    Work at office
    Relocation
    3 days per week
    1 day per week

    Rippling

    San Francisco, CA
    1 day ago
  • $123.55k - $142k

     ...Location Indianapolis, IN Responsibilities Serve as security point of contact for software, firmware, and physical product development teams across the enterprise,...  ...modern technologies. College degree in Computer Engineering, Computer Science, Software Engineering,... 
    Temporary work
    Flexible hours

    Interflex Datensysteme GesmbH

    Golden, CO
    4 days ago
  •  ...Provide consulting and advisory services to engineering teams heavily focused on automotive...  ..., and reproduce vulnerabilities, design secure protocols and systems, and write tests and...  ...new and novel attack vectors against products and services Review, develop and document... 
    Work experience placement

    National Asset Mgmt Incorporated

    Phoenix, AZ
    3 days ago
  •  ...At 7AI, security is foundational to everything we build. Our customers trust us with some of their most sensitive data, and...  ...platform must earn that trust every day. We are seeking a Senior Product Security Engineer to join our Platform team. In this role, you will help... 

    Seven AI

    Boston, MA
    4 days ago
  • $100k - $110k

     ...Product Security Engineer Full Time Indirect Labor Dallas, TX, US 5 days ago Requisition ID: 2188 Salary Range: $100,000.00 To $110,000.00 Annually We are seeking an experienced Product Security Engineer to safeguard the confidentiality and integrity of intellectual property... 
    Full time
    Temporary work
    For subcontractor
    Local area
    Flexible hours

    Cartamundi -Dallas,TX

    Dallas, TX
    19 hours ago
  •  ...SR. PRODUCT SECURITY ENGINEER (STARLINK) the company was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today the company is actively developing the technologies to make this possible... 
    Permanent employment
    Worldwide
    Flexible hours
    Weekend work

    United States Digital Space LLC

    Bastrop, TX
    2 days ago
  • $122.9k - $216.3k

     ...The Opportunity Adobe’s Security Partnership Product Engineering (SPPE) team is hiring a mid-level engineer to build the AI-powered platforms that help secure our products. The team’s tools include a threat modeling capability that delivers analysis in seconds and a new... 

    Adobe Systems Inc

    New York, NY
    3 days ago
  •  ...without the need for current or future sponsorship. Come join the Exposure Defense & Monitoring team within Navy Federal's Product Security Group. In this role, you will deliver on a dynamic team responsible for security testing, continuous threat discovery and... 
    Internship
    Monday to Friday
    Shift work

    Navy Federal Credit Union

    Vienna, VA
    11 hours ago
  •  ...Building and operating a modern security tooling pipeline, the full-time Senior Product Security Engineer will establish and maintain SDLC security infrastructure while ensuring seamless integration and automation within engineering workflows in a remote environment. Key... 
    Full time
    Remote work

    BeyondTrust

    New York, NY
    1 day ago
  • $117k - $146k

     ...Overview As an Offensive Product Security Engineer, you will play a critical role in safeguarding our products by identifying and mitigating security vulnerabilities. You will conduct comprehensive security assessments, including penetration testing, threat modeling, and... 
    Full time
    Temporary work
    Work experience placement
    Remote work
    Flexible hours

    Origami Risk

    New York, NY
    19 hours ago
  •  ...identity verification infrastructure where security isn't a layer we add later, it's core to...  ...compromised. As AI tooling expands what engineers can build and how fast they can build it...  ...problem. What you'll work on This is a product security role embedded in a generalist... 
    Full time
    For contractors
    Internship
    Relocation package

    Persona

    San Francisco, CA
    3 days ago
  • $500 per month

     ...use data. Come be a part of our journey! About the team The Security Team is responsible for providing key security capabilities...  ...processes and tooling, with focus on supporting our engineering and product teams in improving the security posture of our platforms and... 
    Local area
    Remote work
    Home office
    Flexible hours

    ClickHouse

    New York, NY
    19 hours ago
  • $137.86k - $250k

     ...time - safely creating abundance for all. About the Team The Security Engineering team is responsible for protecting our robots,...  ...into how we build and operate humanoid robotics systems. The Product Security team focuses on the end-to-end security of NEO itself... 
    Temporary work
    Local area
    Remote work
    Work from home
    Flexible hours

    1x

    San Carlos, CA
    1 day ago
  • $106k - $135.9k

     ...Product Security Engineer – Hazelwood, MO Mid-tier Product Security Engineer supporting the Department of Navy Tomahawk Land-Attack Missile program. The role leads the development, implementation, and sustainment of product security and resiliency across the product lifecycle... 
    Work experience placement
    Relocation
    Visa sponsorship
    Work visa
    Relocation package
    Flexible hours
    Shift work

    Boeing

    Hazelwood, MO
    2 days ago
  • $156k - $253k

     ...ABOUT THE TEAM We\'re seeking a product security engineer to own security for assigned products in your technical domain, provide expert consultation on security architectures, guide implementation of security features, develop solutions engineering for complex security... 
    Full time
    Work experience placement
    Relocation package

    Slope

    Costa Mesa, CA
    4 days ago
  • $45 - $50 per hour

     ...Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for external vulnerability reports submitted through the program, working... 
    Contract work
    Temporary work

    TEKsystems

    Lehi, UT
    1 day ago
  • $215k - $230k

     ...the power to change our trajectory. The Security team is responsible for and committed to...  ...are looking for an Application Security Engineer to build mission-critical infrastructure...  ...performance, and application security at TRM for products as built and deployed. From designing... 
    Summer work
    Immediate start

    Crypto Pro Network

    New York, NY
    2 days ago
  •  ...identity verification infrastructure where security isn't a layer we add later, it's core to...  ...compromised. As AI tooling expands what engineers can build and how fast they can build it...  ...scale security across every team and product. Partner with product engineers to shape... 
    Full time
    For contractors
    Internship
    Relocation package

    Persona

    San Francisco, CA
    4 days ago
  •  ...The Product Security Engineer conducts comprehensive security assessments on mobile applications, IoT hardware/firmware, compiled software, and browser extensions. The role involves identifying vulnerabilities, developing mitigation strategies, and collaborating with cross... 

    Inmar

    Winston Salem, NC
    3 days ago
  • $156k - $253k

     ...computer vision, sensor fusion, and networking technology to the military in months, not years. ABOUT THE TEAM We're seeking a product security engineer to own security for assigned products in your technical domain, provide expert consultation on security architectures,... 
    Full time
    Work experience placement
    Immediate start

    Anduril Industries

    Seattle, WA
    4 days ago
  • $160k - $240k

     ...Astranis satellites provide dedicated, secure networks to highly-sophisticated customers...  ...and Fidelity, and employs a team of 450 engineers and entrepreneurs. Astranis designs,...  ...in Northern California, USA. Senior Product Security Engineer As a Senior Product... 
    Permanent employment
    Flexible hours

    Astranis

    San Francisco, CA
    1 day ago
  •  ...Thecentermemphis is seeking a Senior Cyber Security Analyst who will be a key technical contributor on the Product Security team. This role involves creating cyber-intelligence solutions to prevent attacks and drive security practices. The candidate must have a Bachelor... 

    Thecentermemphis

    Memphis, TN
    19 hours ago
  •  ...As an Experienced Product Security Engineer at Plaid, you'll be a trusted advisor, collaborating closely with engineering and product teams to ensure security is a cornerstone of every product. You'll partner with leadership to shape product strategy, advocate for strong... 
    Work experience placement
    Local area

    PLAID

    New York, NY
    3 days ago
  • $45 - $50 per hour

     ...Description About the Role Product Security Engineer to support our Bug Bounty program on a 6-month contract engagement, backfilling a team member on leave. You will be the frontline responder for external vulnerability reports submitted through the program, working closely... 
    Contract work
    Temporary work

    TEKsystems c/o Allegis Group

    Lehi, UT
    4 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Product Security Engineer. Be the first to apply!