Vercel
Senior Product Security Engineer
The complete job description, requirements, and application details are available on the original posting.
About Vercel
Vercel is a cloud-based Frontend Cloud platform founded in 2015, originally known as Zeit until its rebranding in 2020. The company focuses on enhancing the front-end developer experience by providing tools for building, previewing, deploying, scaling, and securing high-performance web applications and websites. Vercel's core offering includes the open-source React framework Next.js, which supports both static and dynamic sites, and a cloud platform for deploying front-end applications. The platform emphasizes ease of use with single-tap deployment, global speed, and accessibility. Vercel also offers AI-powered tools, such as v0, which generates unique user interfaces. The company serves a diverse range of clients, from individual developers to large enterprises like Walmart and Netflix, and has experienced significant growth, reaching a $200 million annual recurring revenue target by 2025. Vercel is backed by notable investors, including Accel and BlackRock, and aims to provide a comprehensive web development solution from idea to production.
Security at Vercel
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Vercel emphasizes a "purpose-built" secure development environment where security is embedded into developer workflows to enable speed without sacrificing safety.
- They operate on a shared responsibility model.

**Stated AppSec Mission:**
- "Purpose-built for secure development" – Security (https://vercel.com/security)
- "A comprehensive security strategy requires active protection, robust policies, and compliance frameworks" – Vercel security overview (https://vercel.com/docs/security)

**Developer Enablement vs. Gatekeeping:**
- "The platform-wide firewall is fully managed by Vercel and requires no configuration" – Life of a Vercel request blog (https://vercel.com/blog/life-of-request-securing-your-apps-traffic-with-vercel) ⚠️
- "By embedding security tooling into developer workflows, you will help catch issues early" – Senior Product Security Engineer job posting

**Risk Philosophy:**
- "shared responsibility model" – Vercel security overview (https://vercel.com/docs/security)
- "Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling" – Senior Product Security Engineer job posting

**Stated Pain Points or Goals:**
- "automating remediation" – Senior Product Security Engineer job posting: mentions "SDLC Tooling & Automation"
- "own and expand Vercel's bug bounty program" – Senior Product Security Engineer job posting
Security Team
- Vercel's security organization is led by a Chief Information Security Officer (CISO) and a CTO of Security.
- The team includes roles such as Senior Product Security Engineers and Staff Cloud Security Engineers, with an estimated size of 20-50 members globally.

**Org Structure & Reporting Line:**
- "I joined Vercel as its first Chief Information Security Officer" – Ty Sbano LinkedIn post (https://www.linkedin.com/posts/tysbano_i-joined-vercel-as-its-first-chief-information-activity-7354213589244641283-yHcE)
- "Talha Tariq joins Vercel as CTO (Security)" – Vercel blog (https://vercel.com/blog/talha-tariq-joins-vercel-as-cto-security)

**Key Public-Facing Leaders:**
- Ty Sbano, Chief Information Security Officer – https://www.linkedin.com/in/tysbano
- Talha Tariq, CTO (Security) – https://www.linkedin.com/in/talhatariq
- Kalyani Pawar, Product Security at Vercel – https://www.linkedin.com/in/kalyani-pawar5

**Team Size Estimate (as_of:):**
- LinkedIn Search Query: "site:linkedin.com Vercel product security OR application security OR security engineer" (geo: Global)
- Result: ~20-50 (Estimate based on multiple LinkedIn profiles and job postings)

**Active AppSec Job Postings (as_of:):**
- Count: 3+ (Senior Product Security Engineer; Staff Cloud Security Engineer; Senior Software Engineer, Trust & Safety) (E-010, E-011, E-012)

**Common Skill/Tool Patterns:**
- "using GitHub Advanced Security" – Senior Product Security Engineer job posting (Job ID: senior-product-security-engineer-us-5787232004)
- "static analysis checks" – Vercel security compliance page (https://vercel.com/docs/security/compliance)
- "dependency scanning" – Senior Product Security Engineer job posting
- "secret detection" – Senior Product Security Engineer job posting
Key Initiatives
Vercel focuses on "shifting left" by embedding security tools into the SDLC and maintaining a robust vulnerability management process through bug bounties and automated scanning.

**Security Champions Program:**
- Status: No Evidence Found (Information not publicly available)

**"Shift Left" in Practice:**
- "embedding security tooling into developer workflows" – Senior Product Security Engineer job posting
- "evaluate, select, and integrate security tools into our Software Development Life Cycle" – Senior Product Security Engineer job posting

**Vulnerability Management Process:**
- **Intake:** "You will triage and validate incoming vulnerability reports from the security researcher community" – Senior Product Security Engineer job posting
- **Bug Bounty:** "own and expand Vercel's bug bounty program" – Senior Product Security Engineer job posting
- **Triage/Remediation:** "daily code reviews and static analysis checks" – Security & Compliance Measures page (https://vercel.com/docs/security/compliance)

**Secure SDLC Artifacts:**
- "Threat Modeling & Design Review: Partner with engineering and product teams to perform threat modeling" – Senior Product Security Engineer job posting
- "regular penetration testing through third-party penetration testers" – Security & Compliance Measures page

**Recent Initiatives (Last 6 Months):**
- "Talha Tariq joins Vercel as CTO (Security)" – Vercel blog announcement ⚠️
- "Agent now detects vulnerable (to React2Shell) packages... automatically generates pull requests" – LinkedIn post by Talha Tariq