Senior Security Software Engineer, V0

Vercel Vercel · Enterprise · United States · Remote · Security

Senior Security Software Engineer for Vercel's v0 product, which turns natural language into deployed applications by an agent writing and executing code. The role focuses on end-to-end security ownership, including finding/fixing vulnerabilities, building security features, reviewing new features, and managing the HackerOne relationship for v0. Requires strong software engineering and security judgment, with a focus on securing agentic infrastructure.

What you'd actually do

  1. Find and fix issues yourself: Proactively hunt for vulnerabilities across v0, from code you're reviewing to systems you're actively poking at, and ship the fix, not just the finding.
  2. Build security features directly into the product: Design and implement the security-facing functionality itself (sandboxing/isolation controls, permission boundaries, abuse detection, safe defaults for generated apps) as a normal part of the v0 roadmap, not a side project.
  3. Review all new v0 features and launches: Be the security reviewer of record for everything the team ships (new capabilities, generated-app patterns, integrations) before it goes out the door.
  4. Own the HackerOne relationship for v0: Triage, validate, and drive fixes for reports from Vercel's HackerOne researcher community that touch v0, and work directly with researchers on reproduction and remediation.
  5. Own the v0 threat model: Understand and continuously refine how v0 generates, executes, and deploys code, including sandbox/runtime isolation, permission boundaries between agent actions and user intent, and defenses against prompt injection and tool-use abuse.

Skills

Required

  • 5+ years building and shipping production web applications
  • TypeScript
  • React
  • Node
  • authN/authZ design
  • sandboxing and isolation
  • injection vulnerability classes
  • reason about 'an AI agent writing and running code' as a novel attack surface

Nice to have

  • security background

What the JD emphasized

  • security judgment
  • security background
  • security surface
  • security outcomes
  • security reviewer
  • security-facing functionality
  • security conscience
  • security reports
  • security tradeoffs

Other signals

  • AI agent writing code
  • sandboxed code execution
  • multi-tenant isolation
  • prompt injection
  • tool misuse