← BACK_TO_JOBS

Senior Security Software Engineer, v0

Vercel · Hybrid - San Francisco, New York City, London, Berlin · posted 1 day ago
FULL_TIME Software / IT
SeniorNext.js

About Vercel:

Vercel is the agentic infrastructure company. We free people and agents to ship what’s next.

For more than a decade, Vercel has shaped how the web is built. As the team behind Next.js, v0, and AI SDK, we create products that help builders move from idea to production with speed, security, and exceptional developer experience.

Now, software is entering a new era, and the next generation of products will not just be used by people. They will be built, extended, and operated by agents.

We are building the platform for that future, trusted by companies like OpenAI, PayPal, Ramp, Supreme, and millions of developers worldwide. Whether you’re building our products, supporting our customers, growing our community, or shaping our story, you’ll help define what comes next.

About the role

v0 turns natural language into working, deployed applications. An agent writes code, executes it, and ships it on a user's behalf. That makes v0 one of the most interesting and highest-stakes security surfaces at Vercel: sandboxed code execution, multi-tenant isolation, permission boundaries between what a user asked for and what the agent actually did, and resistance to prompt injection and tool misuse.

We're looking for a Senior (IC4) software engineer with a strong security background to sit fully embedded inside the v0 team, not as a rotating auditor who reviews designs and files tickets, but as a peer engineer who owns security end to end for everything v0 ships. That means finding and fixing vulnerabilities yourself, building security features directly into the product, reviewing every new feature and launch before it goes out, and running the relationship with our HackerOne researcher community for anything v0-related. You'll spend real time being a great generalist engineer: building features, fixing bugs, shipping to production alongside the rest of the team. The difference is that you bring security judgment and hands-on ownership to everything the team builds, and you're the one who catches the sandbox escape, the auth gap, or the injection vector before it ships, rather than after.

This role reports into the security organization but is deployed full-time with v0, and is evaluated as much on shipped product velocity as on security outcomes. As a senior (IC4) engineer, you're expected to operate independently, set the security bar for the team, and be trusted to make the final call on v0-specific tradeoffs.