Vercel is seeking a Security Engineer focused on open source frameworks to enhance the security of their widely used projects like Turborepo, Nuxt, Svelte/SvelteKit, SWR, Workflow, and Nitro. This role offers a high-leverage opportunity to identify and eliminate entire classes of vulnerabilities at the framework level, rather than addressing individual bugs. The engineer will conduct in-depth security assessments, drive framework-level fixes and design changes, and manage the handling of externally reported vulnerabilities, including coordinated disclosure and CVEs. A key responsibility will be owning Vercel's open source bug bounty program for these projects, involving triage, validation, and coordination of fixes with maintainers. The role also emphasizes integrating security early in the design process, building preventive tooling, and ensuring supply chain security for these open source projects. Collaboration with the open source community, including maintainers and researchers, is crucial, with a focus on pragmatic security recommendations and transparent operation.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed