Jobs / Ver***

Security Software Engineer, Open Source Frameworks

Ver*** · Berlin, NY, United States
Visa sponsorship details are locked. Unlock company name and apply link with .
Berlin, NY, United States208,000-312,000 USD/yearlyRemote
Remuneration
208,000-312,000 USD/yearly
Location
Berlin, NY, United States
Visa sponsorship
Sponsors visa

Job summary

Security & IT Berlin, London, New York City, San Francisco Full Time About Ver***: Ver*** is the agentic infrastructure company. We free people and agents to ship what’s next. For more than a decade, Ver*** has shaped how the web is built.

Benefits

Competitive compensation package, including equity.Inclusive Healthcare Package.Learn and Grow - we provide mentorship and send you to events that help you builEquity-based compensation, and eligibility for a company bonus or variable pay pYour recruiter can share more details during the hiring process.Vercel is committed to fostering and empowering an inclusive community within ouVercel encourages everyone to apply for our available positions, even if they do

Qualifications

  • As the team behind Next.js, v0, and AI SDK, we create products that help builders move from idea to production with speed, security, and exceptional developer experience.

Responsibilities

  • You'll also own how these projects handle externally reported vulnerabilities, coordinated disclosure, and CVEs, working directly with maintainers and the open source security community.
  • Drive root-cause framework fixes: Push design changes upstream that eliminate a category of vulnerability across every application built on the framework, rather than patching individual instances as they're reported.
  • Own vulnerability disclosure and CVEs: Triage security reports from the community and researchers across Turborepo, Nuxt, Svelte/SvelteKit, SWR, Workflow, Nitro, and other maintained OSS projects.
  • Coordinate embargoed fixes, write and publish advisories, and manage the CVE/CNA process end to end.
  • Run the OSS bug bounty program for these projects: Own triage and validation of incoming reports to Ver***'s open source bug bounty program for Turborepo, Nuxt, Svelte/SvelteKit, SWR, Workflow, and Nitro.
  • Reproduce findings, assess severity, and coordinate fixes with the right maintainers and researchers.
  • Get security into design early: Partner with framework maintainers and core teams during RFCs and design review, so new features ship with security considered from the first draft, not bolted on after a report comes in.
  • Build preventive tooling: Contribute linters, codemods, and CI checks that catch regressions of previously-fixed vulnerability classes before they land again.
  • Own supply chain security for these projects: Harden how dependencies, releases, and published packages for Turborepo, Nuxt, Svelte/SvelteKit, SWR, Workflow, and Nitro are built, signed, and distributed.
  • As more contributions and dependency updates are generated or assisted by AI agents, build the review and provenance practices that keep that increased volume safe.
  • Work with the community, not around it: Engage directly with maintainers, contributors, and external researchers as peers.
  • About you

Degrees

Associate

Languages

Arabic

Industry

EnergyHealthcareLogisticsMedia