Product Security Engineer - Vercel

Key Responsibilities

• Design and integrate security controls into the product development lifecycle, ensuring secure defaults for cloud services, APIs, and serverless functions.
• Conduct threat modeling and risk assessments for new features, providing actionable mitigation strategies to engineering teams.
• Automate security testing and compliance checks within CI/CD pipelines using tools such as SAST, DAST, and container scanning.
• Collaborate with product, engineering, and infrastructure teams to define security requirements, review code, and respond to incidents.
• Maintain and evolve security policies, standards, and best‑practice documentation for the platform.

Requirements

• 5+ years of experience in application or product security, preferably in cloud‑native environments.
• Strong knowledge of AWS security services, IAM, networking, and encryption mechanisms.
• Proficiency with security tooling and automation (e.g., Snyk, CodeQL, OWASP ZAP, Terraform, GitHub Actions).
• Hands‑on experience in TypeScript/JavaScript development and modern web frameworks.
• Excellent communication skills and a track record of influencing cross‑functional teams on security best practices.