Senior Product Security Engineer

📋 Description

• Lead threat modeling and security design for features.
• Conduct secure code reviews for Next.js/Node.js/serverless apps.
• Oversee open-source security efforts, patching and disclosures.
• Drive SDLC tooling and automated security checks (GHAS, SAST/DAST).
• Manage Vercel’s bug bounty program; triage reports and fixes.
• Lead cross-organizational security initiatives.
• Support customers with security docs and audits.

🎯 Requirements

• 5+ years in product security or related field with web apps.
• Strong JavaScript/TypeScript and Node.js security; Next.js/React.
• Threat modeling and secure SDLC expertise.
• Experience with SAST/DAST, dependency scanners, CI/CD security; GitHub Advanced Security.
• Open source security and supply chain management (Dependabot/Snyk).
• Bug bounty or vulnerability management experience.
• Cloud and serverless security understanding.
• Technical leadership and cross-functional collaboration.

🎁 Benefits

• Competitive compensation and equity.
• Comprehensive healthcare coverage.
• Learning and mentorship opportunities.
• Flexible time off.
• Home office gear budget.