Application Security Engineer - Vercel San Francisco, California, United States Bookmark Share Print 310 0 0

Listing Description

About Vercel:


At Vercel, we are building an open-source developer tools platform that enables developers to build and iterate on the web without sinking time and money into DevOps. We are a remote-first and globally distributed team, and we want to shape the future of the web by making cloud computing accessible to everyone. Our philosophy is based on the principles of learning, collaboration, transparency, experimentation, and passion.



  • We are goal-driven and dedicated

  • We use our own tools every day

  • We thrive together with our community

  • We are customer-obsessed

  • We believe in people's ability to grow


 


About the Role:


In this role you will get the opportunity to work with a small but mighty security team to continue building out the nascent security program at Vercel. If you like greenfields and challenges, in a supportive environment, Vercel is the place for you.


The Application Security Engineer will be responsible for ensuring that applications are designed and deployed in alignment with our InfoSec Policy standards and industry best practices. This includes performing security assessments, conducting risk analysis, and recommending corrective actions to relevant teams.


You will work across the organization with developers, architects, product managers, and others to determine security requirements for projects and ensure that these requirements are met as part of the software development lifecycle (SDLC).


 


Getting Started:



  • We want you to feel like part of the team early on! Our team will help integrate you into the company with explanations on our product, policies, processes, team structure and roadmap.

  • We’re excited for you to learn, grow, and contribute right away! We trust that you’ll bring experience and knowledge that will uplift and up-level the team, but we don’t expect you to know everything on Day 1.


 


What You Will Do:



  • Partner with engineering to perform threat modeling of new and existing applications, as well as conducting secure design and code reviews

  • Identify, assess, and mitigate security risks throughout the software development life cycle

  • Develop and implement security controls to guard the Vercel application and its platform from attack

  • Help define the Vercel Application Security strategy and program,

  • Work with security researchers to grow the Vercel Bug Bounty program into a world-class, researcher-friendly program


 


About You:



  • 5+ years of experience in an application security role

  • Hands-on experience with one or more scripting languages (e.g., JavaScript, Python, Perl, Bash)

  • Experience supporting and guiding technical programs in the area of application security

  • Sharp eye for issue-spotting and figuring out how to exploit or defend against them. You don't like to let issues go unfixed.

  • Seek out opportunities to effectively collaborate across teams and develop security processes.  You can explain technical concepts without jargon, and keep security relatable.

  • Willing to find creative ways to improve security without blocking others.  You are thoughtful about finding the right balance between security and enabling the company to grow.

  • Passionate about all things security - tooling, hacking, breaking, and a desire to enable others to do the same

  • Have guided engineering teams to perform threat modeling, and recommended remediations to address discovered gaps


 


Bonus If You:



  • Worked as a product engineer delivering code

  • Existing security related certifications: CEH, OSCP, etc.

  • Familiarity with a variety of software development & automation tools (e.g., Jenkins, CircleCI, Git, Github, etc.)

  • Are an avid learner with an insatiable curiosity, leading you to novel approaches


 


Benefits:



  • Competitive compensation and stock options

  • Inclusive Healthcare Package

  • Flexible working style - 100% remote, with teammates located throughout the globe

  • Learn and Grow - we provide mentorship and send you to events that help you build your network and skills

  • Unlimited PTO - 4 weeks recommended per year. Take time when you need it.

  • We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed


 


Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.


 

Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided

About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Useful Links

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765

requests@ninjajobs.org
www.ninjajobs.org
Chat with us!