Vercel: Senior Product Security Engineer

Related keywords: remote job san franciscofully remote jobremote job software engineer

Overview

Vercel, a company dedicated to providing developers tools and cloud infrastructure for building, securing, and scaling web applications, is on the lookout for a Senior Product Security Engineer. This role is geared towards individuals with a strong background in product security and offers a comprehensive, flexible, and fully remote working environment.

Company Profile

Vercel is well-known for its contributions to projects like Next.js, which is pivotal to modern web development. Their client base includes prominent names such as Ramp, Supreme, PayPal, and Under Armour. The company strives to empower its team members to create the best products, instilling a culture where every employee can contribute positively to the organization.

Job Role

As a Senior Product Security Engineer at Vercel, your primary responsibility will be to lead and enhance critical security initiatives. This includes:

Responsibilities

• Threat Modeling & Design Review: Work closely with engineering and product teams to carry out threat modeling on both new and existing features, ensuring potential risks are identified and effective security measures are put in place.

• Secure Code Review: Conduct thorough reviews and assessments of code written for products and services utilizing technologies like Next.js and Node.js, focusing on identifying vulnerabilities and promoting best practices within the engineering team.

• Open Source Security Management: Lead efforts in overseeing open-source security, addressing vulnerabilities in third-party packages, and maintaining security in the open-source projects Vercel contributes to.

• SDLC Tooling & Automation: Integrate security measures into the Software Development Life Cycle (SDLC), leveraging tools such as GitHub Advanced Security and promoting automated security checks.

• Bug Bounty Program Management: Manage and enhance Vercel’s bug bounty program, ensuring timely responses to vulnerabilities and fostering a positive relationship with security researchers.

• Cross-Organizational Security Initiatives: Lead collaborative projects across different departments to enhance the company’s security framework and practices.

• Customer-Facing Security Support: Assist with security-related efforts that impact users, contributing to documentation and providing insights during security assessments.

Qualifications

To succeed in this role, candidates must possess:

Required Skills

• A minimum of 5 years in a product security-related role with verifiable experience in securing web products.

  

• Proficiency in JavaScript/TypeScript and Node.js security and experience with modern web frameworks, preferably Next.js.

• Strong skills in threat modeling, architectural risk analysis for complex products, and integration of security into fast-paced SDLC.

• Experience with security tools such as SAST, DAST, and dependency vulnerability scanners, and familiarity with CI/CD security integration.

• Knowledge of open-source security considerations and experience managing open-source dependencies.

Preferred Qualifications

• Previous experience interacting with bug bounty programs and a solid understanding of vulnerability management processes.

• Familiarity with cloud and serverless security, and the capability to manage security across various cloud platforms.

• Technical leadership qualities that can influence engineering teams to adopt best security practices.

• Bonus credentials may include relevant security certifications, prior software development experience, or contributions to security community projects.

Benefits

Vercel offers a competitive benefits package that includes:

• A competitive compensation package with equity options.

• An inclusive healthcare plan.

• Opportunities for professional growth such as mentorship and access to skill-building events.

• Flexible time-off policies to support work-life balance.

• Necessary work-from-home equipment and a budget to optimize the workspace.

Salary Information

The salary range for this role based in San Francisco, CA varies from $196,000 to $294,000, depending on the candidate's skills and experience. This salary range might be adjusted based on locations outside of San Francisco.

Application Process

Candidates interested in applying for this role are encouraged to connect with Vercel's recruiting team for specific location details or any inquiries about the job. With an emphasis on security and a culture of innovation, Vercel presents an exceptional opportunity for experienced security professionals looking to make a significant impact in a fully remote position. As digital security remains a paramount concern in today’s technological landscape, Vercel seeks proactive individuals who are driven to lead security initiatives and foster a culture of safety within software development.

This job offer was originally published on weworkremotely.com