Senior Security Software Engineer, v0
Vercel · San Francisco, CA · Yesterday
Engineering$208k–$312k/yrFull-time
About the role
v0 turns natural language into working, deployed applications. An agent writes code, executes it, and ships it on a user's behalf. This role involves:
- Proactively hunting for vulnerabilities across v0, from code review to system testing.
- Building and implementing security features directly into the product.
- Reviewing all new v0 features and launches before they go live.
- Owning the HackerOne relationship for v0, triaging, validating, and driving fixes for reports.
- Understanding and refining the v0 threat model, including sandboxing, isolation, permission boundaries, and defenses against prompt injection and tool misuse.
- Harden code execution boundaries and create patterns, libraries, and checks for quick, secure development.
- Partnering with the broader security team while making the final call on v0-specific tradeoffs.
- Thinking like an attacker and an agent to reason about potential misuse of v0.
Requirements
You should have:
- 5+ years of experience building and shipping production web applications, operating independently (IC4/Senior).
- Comfortable in TypeScript, React, and Node, and able to work in the same codebase and velocity as the v0 team.
- A strong understanding of authN/authZ design, sandboxing and isolation, injection vulnerability classes, and the unique attack surface of an AI agent writing and running code.
- The ability to influence through code rather than just process, and to fix root causes in PRs rather than writing policies.
- Experience with sandboxing, container isolation, or multi-tenant systems.
- Hands-on experience with prompt injection, jailbreak, or LLM application security research.
- Previous experience shipping a coding agent, dev tool, or code-generation product end-to-end.
- Relevant security certifications (OSCP, OSWE) or notable bug bounty / CTF history.
Qualifications
Additional qualifications include:
- Enjoy building content and talking publicly about your work, such as through blog posts, conference talks, or research writeups.
- Already a v0 user or familiar with how it and Vercel's broader product line work.
Skills
Key skills include:
- Strong full-stack fundamentals in TypeScript, React, and Node.
- Experience with sandboxing, container isolation, or multi-tenant systems.
- Hands-on experience with prompt injection, jailbreak, or LLM application security research.
- Previous experience shipping a coding agent, dev tool, or code-generation product end-to-end.
Benefits
Benefits include:
- Competitive compensation package, including equity.
- Inclusive Healthcare Package.
- Learn and Grow - mentorship and event attendance.
- Flexible Time Off.
- Company-provided gear and a WFH budget.