Security Engineer, Cloud

## About the Role The Security Engineer, Cloud position at Vercel is a crucial role that focuses on strengthening the security of the company's platform by designing and implementing scalable security controls. This involves working closely with various teams to integrate security best practices into architecture and workflows, ensuring the platform's security and resilience. The ideal candidate will have a deep understanding of secure cloud infrastructure and the ability to balance engineering realities with principled security practices.

As part of the Cloud Security Engineering team, the successful candidate will report to the Security Operations Manager. The role is fully remote within the United States, with the option for in-office anchor days for those based near Vercel's SF or NY offices. This position is key to Vercel's mission to free people and agents to ship what's next, by ensuring the security and integrity of the platform.

The role entails a mix of strategic planning, technical implementation, and collaboration with cross-functional teams. The Security Engineer will be responsible for staying ahead of cloud security trends and adopting cutting-edge technologies to enhance platform resilience. This includes conducting threat modeling, risk analysis, and mitigation planning for critical systems, as well as driving improvements in monitoring, detection, and incident response at the platform level.

## What You Will Do - Design and implement scalable security controls across Vercel's cloud-native platform - Harden infrastructure components using infrastructure-as-code, policy enforcement, and service isolation - Build secure by default infrastructure and code CI/CD pipelines - Collaborate with platform and infrastructure teams to integrate security best practices into architecture and workflows - Stay ahead of cloud security trends and adopt cutting-edge technologies to enhance platform resilience - Conduct threat modeling, risk analysis, and mitigation planning for critical systems - Drive improvements in monitoring, detection, and incident response at the platform level - Build, deploy, and maintain relevant tooling - Participate in the development of security automation pipelines - Contribute to the security community through open-source projects or tools

## What We Are Looking For - 8+ years of experience in infrastructure or platform security roles - Deep understanding of secure cloud infrastructure (AWS/GCP), identity and access management, and system hardening - Proficient with tools like Terraform, CDK, Kubernetes, and CI/CD security - Skilled at balancing engineering realities with principled security practices - Proven track record of shipping secure, resilient systems at scale - Experience with threat modeling and risk analysis - Strong understanding of security best practices and compliance requirements - Excellent communication and collaboration skills

## Nice to Have - Experience with building or scaling security automation pipelines - Contributions to open-source security projects or tools - Certifications such as GCP Security Engineer, AWS certifications, CISSP, or OSCP - A bachelor's or master's degree in Cybersecurity or similar disciplines - Experience with cloud security architectures and designs

## Benefits and Perks - Competitive compensation package, including equity - Inclusive Healthcare Package - Learn and Grow - we provide mentorship and send you to events that help you build your network and skills - Flexible Time Off - WFH budget for you to outfit your space as needed - Access to the latest tools and technologies - Opportunities for professional growth and advancement - Collaborative and dynamic work environment - Recognition and rewards for outstanding performance

- To stand out, make sure your resume and cover letter highlight specific examples of cloud security projects you've led or contributed to, including any open-source projects.

• Be prepared to discuss your experience with security automation pipelines and how you've implemented them in previous roles.
• When preparing for the interview, review the latest cloud security trends and be ready to discuss how you stay current with industry developments.
• Consider creating a portfolio that showcases your security projects, including any code repositories or certifications you've obtained.
• During salary negotiations, be prepared to discuss your expectations based on industry standards and your level of experience.
• Pay attention to the company culture and values during the interview process, and be sure to ask about opportunities for professional growth and development.