Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Product Security Engineer

$208k - $312k

Vercel Corp

About the Role: We are looking for a Product Security Engineer to join our security team to drive critical product security initiatives across Vercel’s products and platform. Your core focus will be on threat modeling, open-source software security, secure code review, SDLC tooling, and bug bounty program management. You will support both our internal product engineering teams and customer-facing security programs, ensuring that security is embedded throughout our development lifecycle and that our platform earns the trust of developers and end-users alike. As a senior member of the team, you will lead cross-organizational security projects and champion a security-first culture within Vercel’s engineering organization. This is a high-impact role with broad scope – your work will not only secure Vercel’s core infrastructure and products (built with Next.js, Node.js, and serverless architecture), but also influence the security of the open-source ecosystems we contribute to. If you’re based within a pre-determined commuting distance of one of our offices (SF, NY, London, or Berlin), the role includes in-office anchor days on Monday, Tuesday, and Friday. If you're located beyond that distance, the role is fully remote. For location-specific details, please connect with our recruiting team. What You Will Do: Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling for new and existing features. Identify potential risks early in the design phase and recommend security controls or design changes to mitigate threats. You will ensure security concerns are addressed from the inception of features through deployment. Secure Code Review: Conduct secure code reviews and security assessments on products and services built with Next.js, Node.js, and our serverless backend. You’ll uncover code-level vulnerabilities, provide actionable remediation guidance to developers, and establish best practices for secure coding across the engineering team. Open Source Security Management: Oversee Vercel’s open-source security efforts. This includes monitoring and coordinating fixes for vulnerabilities in third-party open-source packages we use (as a consumer) and ensuring the security of the open-source projects we maintain and publish (as a contributor/publisher, e.g. Next.js). You will work with maintainers and the community on responsible disclosure and patching of security issues in open-source code. SDLC Tooling & Automation: Evaluate, select, and integrate security tools into our Software Development Life Cycle. You will drive the implementation of automated security checks – for example, using GitHub Advanced Security (GHAS) and other static analysis, dependency scanning, and secret detection tools – directly in our CI/CD pipelines and GitHub workflows. By embedding security tooling into developer workflows, you will help catch issues early and reduce manual effort. Bug Bounty Program Management: Own and expand Vercel’s bug bounty program. You will triage and validate incoming vulnerability reports from the security researcher community, ensure critical issues are promptly addressed, and coordinate cross-team efforts to remediate and learn from reported vulnerabilities. You’ll also work on making our bug bounty a world‑class, researcher‑friendly program, including refining policies, scope, and engagement to encourage high‑quality submissions. Cross‑Organizational Security Initiatives: Lead and contribute to security projects that span multiple teams and disciplines. For example, you might drive a company‑wide upgrade to a more secure framework, implement a new authentication/authorization mechanism in collaboration with product teams, or roll out a security awareness program for engineers. You will act as a security champion across the org, aligning stakeholders from Engineering, DevOps, Product, and other groups to implement lasting security improvements. Customer‑Facing Security Support: Work closely with customer success and product marketing on security‑related initiatives that impact our users. This may involve contributing to security documentation and whitepapers, assisting with customer security questionnaires or audits by providing product security expertise, and communicating our security features and best practices to build customer trust in the platform. About You: Experienced Security Engineer: You have 5+ years of experience in a Product Security or related role, with a track record of securing web products and services. You’re well‑versed in the fundamentals of product security and have hands‑on experience finding and fixing vulnerabilities. Web Tech Stack Proficiency: Strong familiarity with JavaScript/TypeScript and Node.js runtime security. Experience with modern web frameworks (ideally Next.js or React and Node‑based frameworks) and understanding of their security considerations. You can read and review code in these technologies to spot security flaws. Threat Modeling & SDLC Expertise: Demonstrated ability to perform threat modeling and architectural risk analysis for complex product. You understand how to integrate security into a fast‑paced SDLC without slowing it down. Experience implementing or working with secure development lifecycle practices (secure design, code review, pentesting, etc.) is required. Security Tools & Automation: Hands‑on experience with product security tooling such as static product security testing (SAST), dynamic testing (DAST), dependency vulnerability scanners, and CI/CD pipeline security integration. Familiarity with GitHub Advanced Security or similar tools for code scanning and secret detection is a strong plus. Open Source and Supply Chain Security: Knowledge of open‑source security best practices. You have experience dealing with open‑source dependencies and package management security (e.g., handling vulnerability advisories, using tools like Dependabot or Snyk). Bonus if you have contributed to or maintained open‑source projects, especially security‑related ones. Bug Bounty & Vulnerability Management: Exposure to running or participating in a bug bounty program or vulnerability disclosure process. You know how to assess externally reported issues, reproduce and validate vulnerabilities, and coordinate fixes. You stay up‑to‑date on the latest vulnerabilities (OWASP Top 10, emerging threats) and methods to mitigate them. Cloud & Serverless Security Understanding: Solid understanding of cloud architecture and serverless environments from a security perspective. You are familiar with securing products on cloud platforms (e.g., securing serverless functions, protecting APIs, managing secrets and keys). Experience with related cloud security concepts or tools is a plus. Technical Leadership: Proven ability to drive security initiatives and influence engineering teams to adopt best practices. You can work cross‑functionally to achieve security goals – for example, rolling out a new security tool or standard across many engineers. (While we emphasize technical skills, this senior role requires you to effectively communicate and lead within the organization to get things done.) Bonus If You: Have prior software development experience beyond security (e.g. as a frontend or backend engineer). Being able to empathize with developers and write or contribute code will help you integrate security seamlessly into development. Hold relevant security certifications or recognitions (for example, OSCP, OSWE, CISSP, or notable bug bounty hall of fame entries). These demonstrate your depth of knowledge, though they are not required. Experience with security policy‑as‑code or infrastructure as code security (for instance, using tools like Open Policy Agent, Terraform security checks, etc.). This shows you can bring security into the automation and infrastructure realm. Have built or implemented security features in a product (such as authentication systems, encryption, secure CI/CD pipelines) or contributed to security community projects/tools. Are an active participant in the security community (e.g., contributing to open source security projects, writing blog posts or research, attending or speaking at security conferences). A passion for continuous learning and sharing knowledge is always a plus on our team. Benefits: Competitive compensation package, including equity. Inclusive Healthcare Package. Learn and Grow – we provide mentorship and send you to events that help you build your network and skills. Flexible Time Off. We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed. The San Francisco, CA base pay range for this role is $208,000.00 – $312,000.00. Actual salary will be based on job‑related skills, experience, and location. Compensation outside of San Francisco may be adjusted based on employee location. The total compensation package may include benefits, equity‑based compensation, and eligibility for a company bonus or variable pay program depending on the role. Your recruiter can share more details during the hiring process. Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description. #J-18808-Ljbffr Vercel Corp

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Product Security Engineer in San Francisco, CA vacancy
  •  ...identity verification infrastructure where security isn't a layer we add later, it's core to...  ...compromised. As AI tooling expands what engineers can build and how fast they can build it...  ...scale security across every team and product. Partner with product engineers to shape... 
    Suggested
    Full time
    For contractors
    Internship
    Relocation package

    Persona

    San Francisco, CA
    2 days ago
  •  ...identity verification infrastructure where security isn't a layer we add later, it's core to...  ...compromised. As AI tooling expands what engineers can build and how fast they can build it...  ...problem. What you'll work on This is a product security role embedded in a generalist... 
    Suggested
    Full time
    For contractors
    Internship
    Relocation package

    Persona

    San Francisco, CA
    1 day ago
  • $160k - $240k

     ...Astranis satellites provide dedicated, secure networks to highly-sophisticated customers...  ...and Fidelity, and employs a team of 450 engineers and entrepreneurs. Astranis designs,...  ...in Northern California, USA. Senior Product Security Engineer As a Senior Product... 
    Suggested
    Permanent employment
    Flexible hours

    Astranis

    San Francisco, CA
    4 days ago
  • $188k - $282k

     ...inflection point. With 1500+ customers in 60+ countries, strong product-market fit, and world-class investor support, we’re...  ...just getting started. Role Overview As a Senior Software Engineer on the Product Security team at Harvey, you'll be a key technical contributor... 
    Suggested
    Work experience placement

    Harvey

    San Francisco, CA
    1 day ago
  • $130k - $215k

     ...Astranis satellites provide dedicated, secure networks to highly-sophisticated customers...  ...and Fidelity, and employs a team of 450 engineers and entrepreneurs. Astranis designs,...  ...headquarters in Northern California, USA. Product Security Engineer As a Product... 
    Suggested
    Permanent employment
    Flexible hours

    Astranis

    San Francisco, CA
    3 days ago
  • $144.8k - $261.45k

     ...one of the world's most innovative software companies whose products touch billions of people around the world, Adobe empowers everyone...  ...big idea could be yours. The Opportunity The Adobe Security Engineering Partnerships (SEP) team is seeking a Senior Product Security... 
    Temporary work
    Local area
    Worldwide

    Adobe

    San Francisco, CA
    4 days ago
  • $168k - $280k

     ...only be sent from @Rippling.com addresses. About The Role We're looking for a hands-on staff security engineer to play a key role in building Rippling's Product Security program. Rippling's product's scope provides a unique set of security challenges, but our management... 
    Work at office
    Relocation
    3 days per week
    1 day per week

    Rippling

    San Francisco, CA
    1 day ago
  • $130k - $180k

     ...About the role We are looking for an early-career Security Engineer to join our Product Security team, someone who has a builder's mindset, is eager to learn, and is excited to contribute to both planned initiatives and dynamic, real-time security needs with enough... 
    Full time
    Work at office
    Local area
    Remote work
    Night shift

    Chime Financial, Inc

    San Francisco, CA
    2 days ago
  • $187k - $260k

     ...organizations, including 80% of the Fortune 100, rely on Airtable to transform how work gets done. Join Airtable as a Product Security Engineer and play a pivotal role in shaping the security of our rapidly evolving platform as we expand our AI and LLM-powered offerings... 
    For contractors
    Live in
    Remote work

    Airtable

    San Francisco, CA
    26 days ago
  • $175k - $215k

     ...and we're looking for someone to make sure it's built securely from the ground up. As part of the Product Security team, you won't just be securing the future, you'll be building it, working closely with engineering teams, shipping production code, designing secure architectures... 
    Temporary work

    Crusoe

    San Francisco, CA
    1 day ago
  • $180k - $258k

     ...more about our story? Check out this blog post written by our founders. Role Overview We are looking for a Product Security Engineer to join our team and act as a champion for security within our product engineering organization. You will be responsible for... 
    Shift work

    Candid Health

    San Francisco, CA
    2 days ago
  • $125.64k

     ...Product Security Engineer Chime is looking for an early-career Security Engineer to join their Product Security team. This role requires someone with a builder's mindset, eager to learn and excited to contribute to both planned initiatives and dynamic, real-time security... 
    Full time

    Softbank Investment Advisers

    San Francisco, CA
    2 hours ago
  • $225k - $275k

     ...hidden fees or compounding interest. Affirm values information security as a critical part of the company’s continued success. Our mission...  ..., enabling the company to succeed in building honest financial products. The Security team posture increases security and reduces risk... 
    Casual work
    Work at office
    Remote work
    Flexible hours

    Affirm

    San Francisco, CA
    2 days ago
  • $50 per hour

     ...computational biology. About This Role Crusoe Security & Compliance is hiring a Senior/Staff Application Security Engineer to play a critical role in ensuring the security...  ...of our security posture, making our products safer and our customers' data more secure. A Day... 
    Temporary work

    ProducePay

    San Francisco, CA
    1 day ago
  • $276k - $320k

     ...real human while preserving privacy. Our products make this possible: the Orb verifies...  ...hardware, software, AI, cryptography, mobile engineering, and global operations. Our teams come...  ...Unwrapped event. About The Team The Security team at Tools for Humanity operates at a... 
    Flexible hours

    Tools for Humanity

    San Francisco, CA
    2 days ago
  • $235k - $275k

     ...Code Red is partnered with a unicorn FinTech in SF to bring on a Staff Product Security Engineer . This will be a foundational hire within a small, high‑impact security org that supports a global organization in hypergrowth mode. Base Pay Range $235,000.00/yr -... 
    Full time

    Code Red Partners

    San Francisco, CA
    1 day ago
  • $272k - $320k

     ...empower, and be owned by everyone. About the Security team: Well beyond “regular company...  ...and software security. The team of 15+ engineers helps guide, blockchain, device, cloud,...  ...complex security challenges throughout our product lifecycle. As a key architect of our security... 
    Flexible hours

    Multicoin

    San Francisco, CA
    2 days ago
  •  ...the workplace. The Role Maintaining the security and privacy of our users is paramount. As...  ...role offers an opportunity to apply engineering and security skills to make a direct impact...  ...compliance posture. This role is part of the Product Security (ProdSec) team, reports to the... 
    Full time
    Remote work
    Flexible hours

    Modern Health

    San Francisco, CA
    2 days ago
  • $180k - $247k

     ...Secure Every Identity, from AI to Human Identity is the key to unlocking the potential of AI. Okta secures AI by building...  ...building a world where Identity belongs to you. The Staff Product Security Engineer Opportunity The Security team's mission is to... 
    Local area
    Remote work
    Worldwide
    Flexible hours

    Okta, Inc.

    San Francisco, CA
    4 days ago
  • $250k - $285k

     ...Staff Product Security Engineer Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens... 
    Temporary work

    Crusoe

    San Francisco, CA
    3 days ago
  • $220k - $330k

     ...inflection point. With 1500+ customers in 60+ countries, strong product-market fit, and world-class investor support, we’re...  ...just getting started. ROLE OVERVIEW As a Staff Software Engineer on the Product Security team at Harvey, you'll play a critical role in shaping how... 
    Work experience placement

    Harvey

    San Francisco, CA
    20 hours ago
  •  ...Staff Product Security Engineer at Airwallex Airwallex is the only unified payments and financial platform for global businesses. Powered by our unique combination of proprietary infrastructure and software, we empower over 200,000 businesses worldwide – including Brex... 
    Worldwide

    Airwallex

    San Francisco, CA
    20 hours ago
  • Rippling is looking for a hands-on staff security engineer based in San Francisco, CA. You will play a key role in building the Product Security program and will work closely with engineering partners to ensure the application’s security. The ideal candidate has over 5... 

    Rippling

    San Francisco, CA
    1 day ago
  • A leading tech organization is seeking a Product Security Engineer to lead security initiatives and safeguard its innovative products. This hands-on role involves embedding security throughout the development lifecycle, performing in-depth code reviews, and managing vulnerability... 

    Tools for Humanity

    San Francisco, CA
    3 days ago
  • A leading mental health solutions company is seeking a security engineer to enhance product security and compliance. The role involves analyzing application vulnerabilities, integrating security practices across development, and collaborating with engineering teams. Candidates... 
    Remote work

    Modern Health

    San Francisco, CA
    2 days ago
  •  ...identity verification infrastructure where security isn't a layer we add later, it's core to...  .... As AI tooling expands what engineers can build and how fast they can build it...  ...that scale security across every team and product. Partner with product engineers to shape... 
    Full time
    For contractors
    Internship
    Relocation package

    Persona

    San Francisco, CA
    2 days ago
  • $300 per month

     ...energy and intelligence. We’re crafting the engine that powers a world where people can...  ...infrastructure. About This Role At Crusoe, the AI Security Engineer is central to ensuring the...  ..., moving from proof‑of‑concept to production at scale. Secure MLOps & Governance: Establish... 
    Temporary work

    Crusoe Energy Systems LLC

    San Francisco, CA
    2 days ago
  • A leading identity verification company in San Francisco seeks a skilled Product Security Engineer. In this role, you'll drive the vulnerability lifecycle, design scalable security systems, and partner with engineers to ensure secure product development. Candidates should... 
    Relocation package

    Persona

    San Francisco, CA
    2 days ago
  • $189k - $315k

    Rippling in San Francisco is looking for a hands-on staff security engineer to build their Product Security program. You will address a variety of security challenges in a supportive and collaborative environment as a vital team member. With a focus on eliminating vulnerabilities... 

    Rippling

    San Francisco, CA
    1 day ago
  • Airwallex Pty Ltd. is looking for a Staff Product Security Engineer in San Francisco to join the Information Security team. This hands-on role involves designing and managing security controls to protect our infrastructure and systems against cybersecurity threats. The... 

    Airwallex Pty Ltd.

    San Francisco, CA
    5 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Product Security Engineer. Be the first to apply!