At Vercel, we believe that liberating the frontend unlocks creativity and open-source is the best way forward.
We are building a next-generation internet where developers can create freely and execute new ideas, guaranteeing a more vibrant, personalized internet. Vercel’s platform provides the speed and reliability to create at the moment of inspiration. In other words, our friction-less, real-time deployment makes it possible to start working on projects immediately — anywhere in the world.
Our globally-distributed team works asynchronously to lead the React ecosystem and serve developers at large companies. We pride ourselves on our diversity, shared urgency to iterate, team-oriented decision making, and drive to dig deep.
About the Role:
In this role you will get the opportunity to work with a small but mighty security team to continue building out the nascent security program at Vercel! If you like greenfields and challenges, in a supportive environment, Vercel is the place for you!
The Application Security Manager will be responsible for ensuring that applications are designed and deployed in alignment with our InfoSec Policy standards and industry best practices. This includes performing security assessments, conducting risk analysis, and recommending corrective actions to relevant teams.
You will work across the organization with developers, architects, product managers, and others to determine security requirements for projects and ensure that these requirements are met as part of the software development lifecycle (SDLC).
- We want you to feel like part of the team early on - Our team will help integrate you into the company with explanations on our product, policies, processes, team structure and roadmap.
- We are excited for you to learn, grow, and contribute right away - We trust that you’ll bring experience and knowledge that will uplift and up-level the team, but we don’t expect you to know everything on Day 1.
What You Will Do:
- Partner with engineering to perform threat modeling of new and existing applications, as well as conducting secure design and code reviews
- Identify, assess, and mitigate security risks throughout the software development life cycle
- Develop and implement security controls to guard the Vercel application and its platform from attack
- Help define the Vercel Application Security strategy and program,
- Work with security researchers to grow the Vercel Bug Bounty program into a world-class, researcher-friendly program
- 5+ years of experience in an application security role (or relevant software engineering experience + 1-2 years in application security)
- Experience supporting and guiding technical programs in the area of application security
- Sharp eye for issue-spotting and figuring out how to exploit or defend against them. You don't like to let issues go unfixed.
- Seek out opportunities to effectively collaborate across teams and develop security processes. You can explain technical concepts without jargon, and keep security relatable.
- Willing to find creative ways to improve security without blocking others. You are thoughtful about finding the right balance between security and enabling the company to grow.
- Passionate about all things security - tooling, hacking, breaking, and a desire to enable others to do the same
- Have guided engineering teams to perform threat modeling, and recommended remediations to address discovered gaps
Bonus If You:
- Worked as a software engineer delivering code
- Existing security related certifications: CEH, OSCP, etc.
- Familiarity with a variety of software development & automation tools (e.g., Jenkins, CircleCI, Git, GitHub, etc.)
- Are an avid learner with an insatiable curiosity, leading you to novel approaches
- Competitive compensation and stock options
- Inclusive Healthcare Package
- Flexible working style - 100% remote, with teammates located throughout the globe
- Learn and Grow - we provide mentorship and send you to events that help you build your network and skills
- Unlimited PTO - 4 weeks recommended per year. Take time when you need it.
- We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed
Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.