Vercel
Strengthen web application security by researching vulnerabilities, developing tailored WAF rules, and educating customers on best practices using Vercel's tools. Collaborate with teams to enhance product security and represent Vercel in the industry.
Avara
Enhance smart contract security at Avara by conducting audits, researching vulnerabilities, and implementing secure protocols across blockchain systems. Join a diverse team dedicated to building a people- powered internet.
Nethermind
Join our research team to explore blockchain protocols, including coordination mechanisms, composability, and on-chain AI integration. Contribute to groundbreaking research in a distributed environment with remote flexibility and equity opportunities.
Kueski
Lead complex UX research projects at Kueski, a technology company in Mexico improving financial lives through innovative services.
AffiniPay
Lead user experience research initiatives, develop methodologies, and guide a team to create products that meet customer needs. Collaborate with cross-functional teams to drive strategic projects impacting long-term success.
Contentsquare
UX Researcher for Growth line, leading strategic research end-to-end and enabling tactical research within product teams.
Twilio
Lead telecom network security at Twilio, collaborating with senior teams to ensure secure-by-design principles across products and services while adhering to compliance standards.
ElevenLabs
Join ElevenLabs as an ML Researcher and contribute to shaping the future of voice technology with cutting-edge research and innovative solutions.
WorkOS
Join WorkOS as a Security Engineer to enhance our security infrastructure, ensuring the safety of authentication and identity solutions for thousands of SaaS customers. Lead security projects, mentor teams, and implement best practices using tools like SCA, SAST, DAST, and CNAPP.
Wealthfront
Join Wealthfront's Security Engineering team as a security-minded engineer to build and mature security solutions in a fast-growing fintech organization.
Binance
Quantitative Researcher (Convert) at Binance: design and implement pricing strategies for agency trading, risk management, and more.
Grow Therapy
Lead end-to-end user research, collaborate with cross-functional teams, analyze data, present findings, and support product development as a User Researcher at Grow.
CoinsPaid
Join CoinsPaid as Security Infrastructure Engineer and enhance secure development practices with logging systems, Hashicorp Vault, and DevSecOps tools.
GuidePoint Security
Security Engineer for medium to very large environments with expertise in firewalls, IDS/IPS solutions, malware prevention, routing & switching architectures, cloud edge security, and more.
Curai
Lead Security Engineer at Curai Health: Drive security initiatives, implement frameworks like ISO 27001/2 and NIST CSF, ensure HIPAA/SOC-2 compliance. Collaborate with engineering teams to maintain secure infrastructure in a remote-first environment.
Kitware
Research and Development Engineer position at Kitware, utilizing AI approaches to national security problems, with opportunities for collaboration and publication.
Seedify
Join Seedify.Fund as Junior Market Research Analyst & contribute to mid- & long-term actionable insights on crypto market trends & blockchain tech.
Gradient AI
Staff Security Engineer at Gradient AI: Manage overall security posture, lead risk assessments, cloud security, and implement best practices.
HackerRank
Support HackerRank's security by monitoring tools, conducting assessments, ensuring compliance, collaborating with teams, and maintaining documentation. Stay updated on emerging threats and maintain robust security practices.
Gusto, Inc.
Security Engineering role at Gusto, designing safe features with safety & privacy in mind, building security tools & services, 12+ yrs info sec exp reqd.
Vercel
Vercel is seeking a Security Researcher to enhance their security posture through vulnerability research in open-source projects like Next.js. The role involves developing WAF rule packs, creating educational materials, collaborating with cross-functional teams, and representing Vercel at industry events. Benefits include competitive compensation, healthcare, flexible time off, remote work options, and professional development opportunities.
Vercel’s Frontend Cloud provides the developer experience and infrastructure to build, scale, and secure a faster, more personalized web. Customers like Under Armour, eBay, The Washington Post, Johnson & Johnson, and Zapier use Vercel to build dynamic user experiences on the web.
At Vercel, our mission is to enable the world to ship the best products and that goes hand in hand with creating an environment where you can do the best work of your life.
Vercel is seeking a Security Researcher to strengthen our security posture through vulnerability research, particularly focusing on Vercel-maintained open-source projects like Next.js. You'll spearhead efforts to discover, report, and mitigate new security threats, develop framework-specific WAF rule packs (for Next.js, Svelte, and others), and improve product security by providing tailored, actionable guidance to our customers.
In this role, you'll represent Vercel at industry conferences, share research findings to establish thought leadership, and work closely with engineering, marketing, and customer success teams. You'll create educational materials, publish insights, and align product improvements with customer needs. This work will help customers maximize their application security through Vercel's native features while strengthening our position as a leader in application security and proactive threat mitigation.
Customer-Centric WAF Rule Development
Design WAF rule packs tailored to specific frameworks, such as Next.js, prioritizing rules that address the most relevant and framework-specific vulnerabilities.
Continuously refine these rules using real-time threat data, research findings, and customer feedback to maintain strong protection against emerging attack patterns.
Enablement through Education and Documentation
Create clear documentation, guides, and best practices for Vercel's WAF to help customers understand and set up security rules that match their specific needs.
Create educational materials and host webinars or workshops that equip customers with practical knowledge on utilizing Vercel's WAF to its full potential.
Proactive Threat Intelligence for Customers
Share research-based threat intelligence with customers to alert them about potential risks and provide specific recommendations for rule updates and configurations.
Work with customer success teams to identify and address high-risk customer environments, ensuring WAF configurations match each customer's unique security needs.
Collaborate on Security Feature Enhancements
Work closely with Vercel’s product team to ensure that customer-facing security features align with industry standards and emerging threats, making Vercel’s WAF adaptable to various customer applications.
Share insights from vulnerability research and customer feedback to shape product roadmaps, focusing on features that improve WAF effectiveness and usability across different customer needs.
Develop Security Tooling and Self-Service Enablement
Build tools or dashboards that allow customers to self-assess and monitor the effectiveness of WAF configurations, offering insights into blocked threats, rule performance, and custom rule capabilities.
Explore opportunities for customer-driven customization of WAF rules, empowering customers to address unique vulnerabilities while maintaining a default layer of robust security.
Customer Advocacy and Success Collaboration
Partner with customer success and support teams to address WAF-related inquiries, share guidance, and resolve complex security configurations.
Collect and synthesize customer feedback to continuously improve the WAF experience and address emerging needs in Vercel’s customer base.
Vulnerability Research Expertise: Proven experience identifying, reporting, and mitigating security vulnerabilities in open-source projects.
WAF Knowledge: Hands-on experience with Web Application Firewalls, ideally with rule customization and framework-specific tuning.
Strong Communication Skills: Ability to convey complex security concepts to both technical and non-technical audiences, including conference presentations and blog writing.
Cross-Functional Collaboration: Experience working closely with engineering, marketing, and customer success teams to drive security initiatives.
Customer Enablement Focus: Skilled in creating educational materials and supporting documentation for customers to optimize WAF configurations.
Industry Awareness: Familiarity with current security trends and emerging threats, with a proactive approach to continuous learning and application.
Built a Web Application Firewall Security product directly as an engineer
Achieved an Offensive Security certification and or Advanced SANS certification.
Great compensation package and stock options.
Inclusive Healthcare Package.
Learn and Grow - we provide mentorship and send you to events that help you build your network and skills.
Flexible Time Off - Flexible vacation policy with a recommended 4-weeks per year, and paid holidays.
Remote Friendly - Work with teammates from different time zones across the globe.
We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.
The San Francisco, CA base pay range for this role is $216,000-$300,000. This salary range is an estimate. Actual salary will be based on job related skills, experience and location. Pay ranges outside San Francisco may be adjusted based on employee location. The total compensation package also includes benefits and equity-based compensation. Your recruiter can share more about the specific pay range for your location during the hiring process.
Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.
#LI-LC1
