jobloom

JobLoom finds jobs directly from company career sites before many job boards, then routes you into detailed role pages like this one.

engineering

Posted 3 hours ago

Senior Security Software Engineer, v0

at Vercel

New York City, United StatesHybrid

Responsibilities

  • Build security features directly into the product: Design and implement the security-facing functionality itself (sandboxing/isolation controls, permission boundaries, abuse detection, safe defaults for generated apps) as a normal part of the v0 roadmap, not a side project.
  • Review all new v0 features and launches: Be the security reviewer of record for everything the team ships (new capabilities, generated-app patterns, integrations) before it goes out the door.
  • Own the HackerOne relationship for v0: Triage, validate, and drive fixes for reports from Vercel's HackerOne researcher community that touch v0, and work directly with researchers on reproduction and remediation.
  • Own the v0 threat model: Understand and continuously refine how v0 generates, executes, and deploys code, including sandbox/runtime isolation, permission boundaries between agent actions and user intent, and defenses against prompt injection and tool-use abuse.
  • Build guardrails that don't slow the team down: Create patterns, libraries, and checks that let v0 engineers ship new generated-app capabilities quickly without reintroducing known bug classes (auth, SSRF, injection) each time.

Requirements

  • As the team behind Next.js, v0, and AI SDK, we create products that help builders move from idea to production with speed, security, and exceptional developer experience.
  • Strong full-stack fundamentals: Comfortable in TypeScript, React, and Node, and able to work in the same codebase, PR flow, and velocity as the rest of the v0 team.
  • Real security judgment: You understand authN/authZ design, sandboxing and isolation, injection vulnerability classes, and can reason about "an AI agent writing and running code" as a novel attack surface, even if your background so far has been primarily software engineering rather than a security title.
  • experience with sandboxing, container isolation, or multi-tenant systems.
  • Done prompt injection / jailbreak / LLM application security research on an agentic or AI-powered product.
  • Relevant security certifications (OSCP, OSWE) or notable bug bounty / CTF history. Nice to have, not required for this role.

Experience

  • You're a software engineer first: 5+ years building and shipping production web applications, at a level where you operate independently (IC4/Senior).

Benefits

  • We are building the platform for that future, trusted by companies like OpenAI, PayPal, Ramp, Supreme, and millions of developers worldwide .
  • You can pick up a normal feature ticket and ship it end to end, this is not a pure audit/review role.
  • Willing to build with v0, not just secure it: You're happy to actually go use v0 to build things and understand how our products work end to end, not just read the code from the outside. Bonus if you have
  • Competitive compensation package, including equity.
  • Inclusive Healthcare Package.
  • Learn and Grow - we provide mentorship and send you to events that help you build your network and skills. Flexible Time Off.
  • The San Francisco, CA base pay range for this role is $208,000.00 - $312,000.00.
  • Actual salary will be based on job-related skills, experience, and location.
  • Compensation outside of San Francisco may be adjusted based on employee location.
  • The total compensation package may include benefits, equity-based compensation, and eligibility for a company bonus or variable pay program depending on the role.

Additional details

  • Vercel is the agentic infrastructure company. We free people and agents to ship what’s next.
  • For more than a decade, Vercel has shaped how the web is built.
  • Now, software is entering a new era, and the next generation of products will not just be used by people. They will be built, extended, and operated by agents.
  • Whether you’re building our products, supporting our customers, growing our community, or shaping our story, you’ll help define what comes next. About the role
  • v0 turns natural language into working, deployed applications.
  • An agent writes code, executes it, and ships it on a user's behalf.
  • That makes v0 one of the most interesting and highest-stakes security surfaces at Vercel: sandboxed code execution, multi-tenant isolation, permission boundaries between what a user asked for and what the agent actually did, and resistance to prompt injection and tool misuse.
  • That means finding and fixing vulnerabilities yourself, building security features directly into the product, reviewing every new feature and launch before it goes out, and running the relationship with our HackerOne researcher community for anything v0-related.
  • You'll spend real time being a great generalist engineer: building features, fixing bugs, shipping to production alongside the rest of the team.
  • The difference is that you bring security judgment and hands-on ownership to everything the team builds, and you're the one who catches the sandbox escape, the auth gap, or the injection vector before it ships, rather than after.

Find more real-time jobs on JobLoom.