Senior Application Security Engineer

Job Description

Vercel is seeking a Senior Application Security Engineer to join their security team. This role involves driving critical application security initiatives across Vercel’s products and platform. The ideal candidate will focus on threat modeling, open-source software security, secure code review, SDLC tooling, and bug bounty program management. This hybrid role is based in Vercel's San Francisco office, requiring three days per week in the office.

The Senior Application Security Engineer will support both internal product engineering teams and customer-facing security programs, ensuring security is embedded throughout the development lifecycle. They will lead cross-organizational security projects and champion a security-first culture within Vercel’s engineering organization. This role secures Vercel’s core infrastructure and applications and influences the security of the open-source ecosystems Vercel contributes to.

What this role involves:

• Threat Modeling & Design Review
• Secure Code Review
• Open Source Security Management
• SDLC Tooling & Automation
• Bug Bounty Program Management
• Cross-Organizational Security Initiatives
• Customer-Facing Security Support

Requirements:

• 5+ years of experience in Application Security or Product Security
• Proficiency in JavaScript/TypeScript and Node.js runtime security
• Experience with modern web frameworks (Next.js or React)
• Ability to perform threat modeling and architectural risk analysis
• Hands-on experience with application security tooling (SAST, DAST)
• Knowledge of open-source security best practices
• Exposure to bug bounty programs or vulnerability disclosure processes
• Understanding of cloud architecture and serverless environments
• Proven ability to drive security initiatives and influence engineering teams

What Vercel offers:

• Competitive compensation package, including equity
• Inclusive Healthcare Package
• Flexible Time Off